Ad

Would It Be A Bad Idea To Send The Shopify Access Token To The Client?

- 1 answer

Once the callback is successful, I get the token that is used for future shop requests.

This is also when I have the merchant create an account with us. So I cannot save the token to their account until they create an account obviously.

is it safe to send the token via EJS from the server to the client side?

Is there a better approach to this I should do also?

Ad

Answer

You should NOT send tokens for access to clients. If they approved your App and you have a token, save it and instead, send them a marker along with their account creation codes... so that when they finish that up, you know who they were, and can match the token to them in the future.

Ad
source: stackoverflow.com
Ad