Silent authenticate customer via Shopify API
We have set up a Shopify store for our brand. We have users already logged into our web app and our mobile app. Our goal is to manage the whole user journey under a single authentication (that being our web app and mobile app login). When the user then visits the store section in the web app and the mobile app, the app should silently log in to the Shopify store with the same credentials as their existing accounts.
For this, I found that we can create a new customer here (https://shopify.dev/docs/admin-api/rest/reference/customers/customer?api%5Bversion%5D=2020-04). My questions are:
- Is this the correct way of managing the users?
- Is it a good practice to manage users this way?
- What are the scopes needed to use this endpoint?
No, this is not the correct way to approach the problem that you have described above. If you do it the way you have explained, a few of the issues that you would run into are:
- Keeping Shopify users' passwords in sync with your system.
- Hacking around the Shopify login page to send POST requests and then redirect.
Shopify offers the Multipass feature for scenarios like these. From the Shopify Docs (https://shopify.dev/docs/admin-api/rest/reference/plus/multipass):
Multipass login is for store owners who have a separate website and a Shopify store. It redirects users from the website to the Shopify store and seamlessly logs them in with the same email address they used to sign up for the original website. If no account with that email address exists yet, one is created. There is no need to synchronize any customer databases.
You can read the Multipass documentation; you only have to generate a valid redirect link and the user will be logged in seamlessly. However, do note that this feature is only available on Shopify Plus plans.
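Added example, not part of the original answer and not Shopify's own code: building the Multipass redirect link on the server, following the token scheme in the Multipass documentation linked above (AES-128-CBC encryption plus an HMAC-SHA256 signature, both keyed from the Multipass secret). The class name, the `decode` helper and all sample values are assumptions; `decode` is there only to show the verify-then-decrypt round trip.

```ruby
require "openssl"
require "json"
require "base64"
require "time"

class MultipassToken
  SIG_LEN = 32 # HMAC-SHA256 output size in bytes

  def initialize(multipass_secret)
    # SHA-256 of the secret gives 32 bytes: first 16 encrypt, last 16 sign.
    material = OpenSSL::Digest.new("sha256").digest(multipass_secret)
    @encryption_key = material[0, 16]
    @signature_key  = material[16, 16]
  end

  # customer: hash with at least "email"; created_at is stamped at generation time.
  def generate(customer)
    data = customer.merge("created_at" => Time.now.utc.iso8601)
    cipher = OpenSSL::Cipher.new("aes-128-cbc").encrypt
    cipher.key = @encryption_key
    iv = cipher.random_iv # fresh random IV per token, prepended to the ciphertext
    body = iv + cipher.update(data.to_json) + cipher.final
    Base64.urlsafe_encode64(body + sign(body))
  end

  def login_url(shop_domain, customer)
    "https://#{shop_domain}/account/login/multipass/#{generate(customer)}"
  end

  # Hypothetical helper: check the signature before decrypting anything.
  def decode(token)
    raw = Base64.urlsafe_decode64(token)
    raise ArgumentError, "token too short" if raw.bytesize < 32 + SIG_LEN
    body = raw[0, raw.bytesize - SIG_LEN]
    sig  = raw[-SIG_LEN, SIG_LEN]
    raise ArgumentError, "bad signature" unless OpenSSL.secure_compare(sig, sign(body))
    d = OpenSSL::Cipher.new("aes-128-cbc").decrypt
    d.key = @encryption_key
    d.iv = body[0, 16]
    JSON.parse((d.update(body[16..-1]) + d.final).force_encoding("UTF-8"))
  end

  private

  def sign(data)
    OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), @signature_key, data)
  end
end
```

Generate the token on your server only: anyone holding the Multipass secret can log in as any customer, so it must not ship inside the web or mobile client.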