Hey team, quick question about authentication in payment apps.
We have payment apps built using Checkout UI Extensions, and we’d like to better understand how to authenticate incoming requests from Shopify.
When Shopify sends a POST request to our payment gateway to create a payment session, is there any way to authenticate this request?
Would it be possible for Shopify to include a JWT token (for example) in the request?
We’d prefer not to keep the endpoint completely open and rely only on the shopify-shop-domain for validation.
Could you share an example or best practice on how this should be handled?