How is the Shopify API hacker-proof?

Hi,

I was wondering how the Shopify API worked because I was considering using Shopify services. I found this:

https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token

Everything was clear, but then I saw, while visiting someone else’s website using Shopify:

ABCD.com (ABCD.com is not the real website)

that you could add /shop.json to the URL and find (for everyone) a lot of info on the website

ABCD.com/shop.json

like the

[1] host_name.myshopify.com
[2] <meta name="shopify-checkout-api-token" content="XXXXXXXXXXXXXXXXXXXX">

With these 2, according to https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token Step 4: “the $token variable. Remember, this is like a password into this shop, so you’ll want to store this token in a very safe place.”

According to step 5, with [1] and [2] anyone should supposedly be able to call the API and do malicious things.

What am I missing?

Please tell me there’s one obvious thing that makes the site safe?

Louis

Hi there @khannah!

I just wanted to let you know I have moved your query here to our dedicated API forum.

As we’re not in a position to provide developer-level support for this ourselves here, we have provided this place for threads on all things API-related.

Our own developers and partners monitor and respond to these threads, so it’s really the best place to get any info on queries like this.

All the best!

Many thanks :wink:

Hoping to get an answer soon.

Louis