By running https://github.com/Shopify/embedded-app-example and clicking the embedded app inside the APP tab of Shopify admin, my browser is redirected to https://xxx.myshopify.com/admin/apps/844102947dbaef5c7ae6021f66195bae/?shop=xxx.myshopify.com&signature=7e0eab964a90e8324540b1b0fc2ea668×tamp=1391487132&admin=1.
Inside embedded-app-example, there is a corresponding visit record with the following GET params.
{"shop"=>"xxx.myshopify.com", "signature"=>"7e0eab964a90e8324540b1b0fc2ea668", "timestamp"=>"1391487132", "admin"=>"1"}
How could we verify the access? Where is the documentation about this “signature”?