Hey @Andrei_Rodrigues1,
Customer Account UI Extensions aren’t the only way, but they’re the recommended approach for securely displaying customer-specific external data. Liquid also has a customer object that exposes some info for logged-in customers.
Customer account Extensions don’t require Shopify Plus. Some B2B-specific targets on the Profile page are Plus-only, but the core extension targets work on all plans.
For securing requests to your backend, the Session Token API is available. There’s a helpful community thread here that walks through manual session token validation in Ruby that shows the practical implementation.
You can find the full token structure and claims in the Session Token API documentation.