i have devloped shopify app in which shopid and subscription plan is going to backend { nodejs } , how to secure that api means how my backend is going to known that these api request is coming from shopify only not by any other third party .
You can use the Session Tokens provided through the Shopify AppBridge to authenticate that the API request is through an authenticated and valid Shopify Admin session.
Your app’s API endpoints should be verifying this session token before performing any logic.