How to securely store 3rd party API keys in a custom order tracking app?

Hi all,

I’m trying to construct a simple order tracking app page.

First, upon placing an order, an automatic email is sent with a link to a tracking page with the order number as a query parameter.

Second, when the user visits that page, a 3rd party API is called with the order number (provided as a query parameter or typed in as an input). That API call goes first to a proxy server where the API credentials are stored. The request checks it is coming from Shopify, and then if it is, it calls the 3rd party API, checks the order number for any tracking updates in our management system, and returns either tracking information from the shipping APIs or just the tracking numbers.

I can handle doing all of this, but I’m struggling trying to put this together. I’d rather build a custom app that allows the admin to store the 3rd party API key on the Shopify backend. Then instead of calling the proxy server, it just gets the API key from the backend without exposing it, and then makes the call to the tracking server.

I’m confused on where/how I’d store the API keys. I want to build a custom Remix app, but how would I connect it to the frontend page? Can I make a frontend page in Remix too, or is it just the backend apps?

Thanks in advance!

Hey @loPat, totally get where you’re coming from.

If you’re going the custom app route (like with Remix), storing the API key in an environment variable or an encrypted database is usually the way to go. That way, your frontend never touches the key; all requests go through your backend, which securely handles the API call and returns just the info you need. Keeps things clean and safe.

Also, yes, with Remix you can definitely build both backend routes and customer-facing pages in the same app. It actually works pretty well for this kind of setup.

That said, if you’re mainly trying to show tracking updates, you could look into this app, ParcelPanel. It handles multi-carrier tracking, branded pages, and auto-syncs tracking info, all without needing to build the backend yourself. Just an option if you’d rather skip the setup and focus on your store.

Hope this helps a bit! If it does, feel free to mark it as a solution so others can find it too :blush:
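The setup discussed in this thread (key kept in a server-side environment variable, request checked as coming from Shopify, only tracking data returned) can be sketched as follows; this is an added example, not code from either poster or from Shopify. It assumes the page is served through a Shopify app proxy, whose requests carry an HMAC-SHA256 `signature` query parameter, and the environment variable names, the `order` parameter and the upstream response shape are hypothetical. It uses `require` so it runs stand-alone in Node; a Remix route would use `import` and `export` the loader.

```javascript
// Added example: server-side handler for the tracking page (names are assumptions).
const crypto = require("node:crypto");

// Shopify app proxy requests carry a `signature` query parameter: hex HMAC-SHA256,
// keyed with the app's secret, over the other parameters sorted and concatenated.
function isFromShopify(searchParams, appSecret) {
  const given = searchParams.get("signature") || "";
  const keys = [...new Set(searchParams.keys())].filter((k) => k !== "signature");
  const message = keys.map((k) => `${k}=${searchParams.getAll(k).join(",")}`).sort().join("");
  const expected = crypto.createHmac("sha256", appSecret).update(message).digest("hex");
  const a = Buffer.from(given, "utf8");
  const b = Buffer.from(expected, "utf8");
  return a.length === b.length && crypto.timingSafeEqual(a, b); // constant-time compare
}

// Return only the fields the customer page needs; drop everything else upstream sent.
function toPublicTracking(upstream) {
  const shipments = Array.isArray(upstream.shipments) ? upstream.shipments : [];
  return {
    orderNumber: String(upstream.orderNumber ?? ""),
    shipments: shipments.map((s) => ({
      carrier: s.carrier, trackingNumber: s.trackingNumber, status: s.status,
    })),
  };
}

// Remix-style loader: runs only on the server, so process.env never reaches the browser.
async function loader({ request }, fetchImpl = fetch) {
  const url = new URL(request.url);
  const { SHOPIFY_API_SECRET, TRACKING_API_KEY, TRACKING_API_URL } = process.env;
  if (!SHOPIFY_API_SECRET || !TRACKING_API_KEY || !TRACKING_API_URL) {
    return Response.json({ error: "not configured" }, { status: 500 });
  }
  if (!isFromShopify(url.searchParams, SHOPIFY_API_SECRET)) {
    return Response.json({ error: "unauthorized" }, { status: 401 });
  }
  const order = url.searchParams.get("order") || "";
  if (!/^[A-Za-z0-9#-]{1,32}$/.test(order)) {
    return Response.json({ error: "invalid order number" }, { status: 400 });
  }
  const res = await fetchImpl(`${TRACKING_API_URL}/orders/${encodeURIComponent(order)}`, {
    headers: { Authorization: `Bearer ${TRACKING_API_KEY}` },
  });
  if (!res.ok) return Response.json({ error: "tracking unavailable" }, { status: 502 });
  return Response.json(toPublicTracking(await res.json()));
}
```

The signature only proves the request passed through Shopify, not that the visitor owns the order, so the response filter is what limits what a guessed order number can reveal.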