Express backend + Shopify Authentication

I have an Express backend and want to only allow authenticated Shopify customers to access the backend. I was wondering if there's a way to get the logged-in customer's access token and verify it in the backend?

Hi

I don’t think there is an access token for the logged-in customers, but what you can do is use the app proxy to serve your backend to the logged-in customer, because you can verify the app proxy request is from Shopify, and when Shopify calls your app proxy endpoint, it will supply the logged_in_customer id as well, which means you know it's coming from Shopify and which customer.

Here is the doc for App proxy: Display dynamic store data with app proxies

Thank you Vito. After further research, this seems to be the solution.

Just want to give more details for others who may have the same issue:

Let’s assume you want your store to interact with your external backend api. Specifically, you only want to allow requests from customers who have logged into your store.

Your backend is https://example.com/api

You set up a Shopify App Proxy: /apps/my-app

Let’s say you want to fetch students from your api and display in the store.

From your store's theme, you can fetch("/apps/my-app/students")

Shopify will proxy your request to https://example.com/api/students

Shopify will include additional information in the request. You can configure middleware in your backend to validate the request.

This way, your api will only allow requests from your Shopify store.

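The validation middleware described in this thread could look like the following. This is an added example, not code from the posts above: it follows Shopify's documented app proxy signature scheme (HMAC-SHA256 over the sorted query parameters, keyed with the app's secret). The function names, the `req.shopifyCustomerId` property, the `SHOPIFY_API_SECRET` variable and the 60-second freshness window are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Recompute Shopify's app proxy signature: drop `signature`, render the rest as
// key=value (repeated values joined with ","), sort, concatenate with no
// separator, then HMAC-SHA256 with the app's secret and hex-encode.
function signProxyQuery(query, secret) {
  const message = Object.keys(query)
    .filter((key) => key !== 'signature')
    .map((key) => `${key}=${[].concat(query[key]).join(',')}`)
    .sort()
    .join('');
  return crypto.createHmac('sha256', secret).update(message).digest('hex');
}

// Express-style middleware factory. maxAgeSeconds is an assumed replay window,
// added here as hardening on top of the signature check.
function requireShopifyCustomer(secret, maxAgeSeconds = 60) {
  return (req, res, next) => {
    const given = Buffer.from(String(req.query.signature || ''), 'utf8');
    const expected = Buffer.from(signProxyQuery(req.query, secret), 'utf8');
    // timingSafeEqual throws on a length mismatch, so compare lengths first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return res.status(401).json({ error: 'invalid proxy signature' });
    }
    // A missing or non-numeric timestamp yields NaN and is rejected.
    const age = Math.abs(Date.now() / 1000 - Number(req.query.timestamp));
    if (!(age <= maxAgeSeconds)) {
      return res.status(401).json({ error: 'stale proxy request' });
    }
    // The customer id is empty when the storefront visitor is not logged in.
    if (!req.query.logged_in_customer_id) {
      return res.status(403).json({ error: 'customer login required' });
    }
    // Trust the id only now that the signature covering it has been verified.
    req.shopifyCustomerId = String(req.query.logged_in_customer_id);
    next();
  };
}

// Usage in the Express app (not executed here):
//   app.use('/api', requireShopifyCustomer(process.env.SHOPIFY_API_SECRET));
```

Because the customer id is part of the signed query string, a visitor who edits `logged_in_customer_id` in a request sent straight to https://example.com/api fails the signature check.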