Shopify Embedded App authenticating requests to my postgresql db

发布于 2020-04-23 11:38:05

Does shopify have a method of authenticating requests to my postgresql db. I was given code to a shopify embedded app done using ruby on rails (backend) and react.js with Polaris (front end) and I see that the front end makes requests to the backend without any headers or authorization.

Example:

axios.get('/api/main/vendor’)
.then(response=> {
    console.log(response)
})
.catch(error=> {
    console.log(error)
});

This seems to work and print outs the response from the backend.

However, when I run the server and make the GET request through Postman, passing in this URL:

https://<NGROK_URL>/api/main/vendor

I can see in my terminal that I get status 302 (redirected to login).

Processing by Api::MainController#vendor as JSON
Redirected to https://<NGROK_URL>/login
Completed 302 Found in 19ms (ActiveRecord: 0.0ms)

I’m wondering if there’s some sort of authentication that shopify does when developing an embedded app that I’m unaware of. For example does it implicitly pass in some token? If so, where can i find this. Sorry for this question if it sounds newby, I’m pretty new to shopify dev.

Questioner

jim

Viewed

Chinese

Original

jim 2020-02-08 23:31:30

and just to double check this isn't when I download shopify info using the shopify API? I'm referring to after I've downloaded this data and stored it in postgresql

drip 2020-02-09 01:19:46

@jim if you are trying to access the DB from the front-end to a Shopify app proxy page, it will pass these arguments. If you are trying to request the database inside the embed app ( the react front-end ), all request there have nothing to do with Shopify. So to sum it up if you make a request to a proxy page via Shopify the arguments will be present, if you make a request inside your app no arguments will be passed.

Shopify Embedded App authenticating requests to my postgresql db

Related issues