Dear Shopify Community,
I’m a new Shopify app developer and I have a few questions.
I’m making a public Shopify app using Golang and the app will only have a single page to show for each shop which installs the App.
Status now:
- The app is in development, i.e. it’s not available in the app store.
- The app can be installed (i.e. the OAuth flow is working)
- I can obtain the required access token for the shops which install the app
- I can access the Shopify API for the shops using the acquired access tokens without any problems
- When the app is installed and a user (inside Shopify Admin) clicks on the app, the App front-end is displayed in an iframe inside the Admin section
- In the App I verify (server side) that the HMAC of the call is valid and verify that the timestamp is within a few seconds of the server time (replay attack)
Question:
- Currently, when my server hosting the app receives a valid request (valid HMAC and timestamp) I consider the request to be authenticated and will show the relevant information for the specified ‘shop’. Is this sufficient or do I need to do anything further in terms of validating/authenticating the request before showing the single page for the ‘shop’?
- I would rather not have a React front-end - rather I would like to have server side rendering of HTML/JS. Is it possible to get the Shopify admin CSS documents so that my App can have the right look and feel?
Thank you for the help - this is my first Shopify App.
Happy holidays to you all.
Best,
Jesper
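
The HMAC and timestamp check described in the status list, as an added Go example that is not part of the original post. It assumes Shopify's documented query signing (hex HMAC-SHA256, keyed with the app secret, over the key-sorted query string with `hmac` removed); `signQuery`, `VerifyRequest`, `maxSkew` and all sample values are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"strconv"
	"time"
)

// maxSkew is an assumed freshness window; tune it for your deployment.
const maxSkew = 30 * time.Second

// signQuery returns hex(HMAC-SHA256(secret, "k=v&k=v")) over q, which must
// no longer contain the hmac parameter.
func signQuery(q url.Values, secret string) string {
	msg, _ := url.QueryUnescape(q.Encode()) // Encode sorts parameters by key
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(msg))
	return hex.EncodeToString(mac.Sum(nil))
}

// VerifyRequest checks the HMAC in constant time, then the timestamp age,
// and only then returns the shop the request is for.
func VerifyRequest(rawQuery, secret string, now time.Time) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "", fmt.Errorf("bad query: %w", err)
	}
	got := q.Get("hmac")
	q.Del("hmac")
	if !hmac.Equal([]byte(got), []byte(signQuery(q, secret))) {
		return "", fmt.Errorf("hmac mismatch")
	}
	ts, err := strconv.ParseInt(q.Get("timestamp"), 10, 64)
	if d := now.Sub(time.Unix(ts, 0)); err != nil || d > maxSkew || d < -maxSkew {
		return "", fmt.Errorf("missing or stale timestamp")
	}
	return q.Get("shop"), nil
}

func main() {
	// Constructed sample values; not real shop data or a real secret.
	q := url.Values{"shop": {"example.myshopify.com"}, "timestamp": {"1700000000"}}
	q.Set("hmac", signQuery(q, "constructed-secret"))
	fmt.Println(VerifyRequest(q.Encode(), "constructed-secret", time.Unix(1700000005, 0)))
}
```

The `shop` value is trusted only because it is covered by the signature, so it is read after the HMAC check succeeds.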