FROM CACHE - en_header

How/where to store secret keys?

New Member
1 0 0

I am trying to use the ipapi API ( to get the geolocation data of users and I have an API key which I will need to use to make the API call to get the JSON results.

In nodejs, we can use .env to store secret keys and access them with process.env.KEY_NAME. The same goes for servers such as Heroku and AWS, where we can store an API keys as config vars.

But for shopify, I can't seem to find out where to store secret API keys.

I have read some examples:

How to define global variables in Liquid? (this doesn't seem like the right thing to do as I want to store it as a secret and access it from another file). (only for themekit/slate development).

Is it safe to just create another .liquid file and place all my secret keys there and just call it from another file? Or do I create it in settings_schema.json?

Would appreciate if someone could point me the right direction.

Thank you!

Replies 3 (3)
6 0 2

Have a similar issue - did you ever find out?

New Member
2 0 0

An app is suitable for such a purpose. You store the secrets in the app and send requests to the app, in turn, the app interacts with the shop API/3rd-party API to perform the actual tasks and responds to your request.

New Member
1 0 0

How do you verify the request to the app? You don't want to leave your app's endpoint exposed without being able to verify that the request came from the Shopify shop.