Hide API credentials in Shopify?
I'm using AJAX to get some data from 3rd party service using API access key in Shopify store. However, those credentials are visible outside and not secure. How do I hide my API key and make the code run on the server side (since Shopify doesn't support PHP)?
Shopify is an API driven service. It supports most modern scripting languages including PHP. Simply open your partner dashboard, and make an App. With an App you can set up an endpoint that acts as a Proxy. With the Proxy, you can make Ajax calls to your Proxy from your front-end, securely, with no need to embed any credentials. Use the Proxy to now securely call your third-party service, knowing your credentials are safe and secure in your own App. Whatever data your third-party service returns to you, you can now return to your Shopify front-end as JSON, Liquid or whatever you desire.
This is a simple pattern, in place for many years, and will perfectly support your common use case.
Didn't find the answer?
Our community is visited by hundreds of Shopify development professionals every day. Ask your question and get a quick answer for free.
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.