In shopify app development on local machine we are exposing a public tunnel using cloudflare. It will be public and there is concern of intruders with Info security.
Since the tunnel url is public the security is compromised.
Could you help me do we have any better secure way to do this.
Your app should be verifying Shopify issued Session Tokens in order to access protected resources.
Also, think about when your app is live - it’s also exposed to the internet. Therefore Session Tokens are the main security mechanism to prove that the requests are coming from authenticated Shopify merchants.
You can also avoid tunnels with the new localhost-based development. More info here: Select a networking option for local development
1 Like