Usage of delegate token to trigger reset password email using customerRecover Storefront API

Hello,

In our system architecture, we have our mobile app driven by Shopify using an interface hosted on an AWS server as a Node.js Lambda function. So when a customer goes through the Forgot password flow on the mobile app, we in turn call Shopify using APIs from the interface; in this case we need to trigger the password reset email. We are facing a challenge with the implementation of this flow. Since this is a server-side Storefront API call, the customerRecover API gets throttled very quickly (typically after 2-3 requests).

Based on the documentation, we are trying to check the approach of using a delegate token. However, while doing a POC, when we use “Shopify-Storefront-Private-Token” and “Shopify-Storefront-Buyer-IP”, we end up getting a “403 Forbidden” response. We have set the access scope “unauthenticated_write_customers” on the Shopify app and hence we are not able to understand what the right way to use the delegate token is.

Can someone please help us with an example of using the delegate token? The documentation - https://shopify.dev/apps/auth/oauth/delegate-access-tokens - does not clearly state the headers or authentication to be used. And looking at the authentication section in the API docs - https://shopify.dev/api/storefront#authentication - it just states “Include your delegate access token as a Shopify-Storefront-Private-Token header on requests from a server, such as the backend of a Hydrogen site.”

Kindly advise.