Unfortunately with what explained, anyone can just call the REST API calls easily to manipulate other shops by just knowing the other shops .myshopify.com URL
Unrelated to the above, I’m trying to use the ES5 AppBridge but my call to getSessionToken throws an error:
Uncaught (in promise) TypeError: Cannot read property ‘subscribe’ of undefined
at app-bridge-utils:1
Any ideas? @Michael_Ragalie @Liam