Shopify is introducing a new experience for building Custom Apps in the Shopify admin for better security and flexibility than the Private API keys. Let's review how it works.
February 8th, 2022
Shopify is introducing a new experience for building Custom Apps in the Shopify admin for better security and flexibility than the Private API keys. Let's review how it works.
Shopify is introducing a new experience for creating, configuring, and building custom apps from within the Shopify admin. Custom apps support the same functionality as private apps do today, however they provide better security. Let's review the old, and new processes of extending your Shopify store using Custom Apps and API integration.
In previous app projects, our Shopify development team would utilize the private API feature to gain direct access to a Shopify store. This process provided a token and password for making direct API calls to that specific shop. The tokens were accessible by any store admin or collaborator with the proper credentials. It was thought that this access could pose a security risk.
Starting in January 2022, private apps are replaced by Custom Apps that grant access to store data or storefront extensions however with additional security measures. Any existing private app can still be used and modified however going forward Shopify will only allow for Custom Apps from within the Admin Apps services.
Shopify introduced the Custom App option a few years ago for Partner developers only. Shopify is now bringing Custom Apps directly to store merchants from within their Admin site.
A "Custom App" is an app developed exclusively for a single Shopify store (unlike a public app, which is built to be used by many stores). Shopify is replacing the "private app" option with all new Custom App capabilities and features.
Custom Apps are used to add features to the Shopify admin, access store data or to integrate with the Storefront API. Creating a custom app requires development and integration experience so you may need a skilled expert to assist. This is where the Sunrise Integration Shopify team can help. Contact our Shopify experts if you need help creating a custom app for your store.
Shopify wanted to add more security measures to the API process and the custom app features are a solution to this desire. By adding these security steps, store owners will feel confident that their data is protected from unwanted access.
The first security step requires a store merchant to enable the new custom app feature. Store owners must first enable the custom app development features before a token can be created. This prevents any collaborator or staff account from creating an API key without proper permission from the store owner.
Once enabled, the new app settings become accessible from within the Apps page in the Shopify Admin. All of the required API scopes and subscriptions are configured on this page. To activate the app it must be installed in the store. This installation step is the next new security measure that was not previously required for private apps. Only after installation can the app be used within the store.
Another newly added security measure is the one-time access to the secret token. The Admin API access token can only be viewed once to protect access to sensitive store data.
Do you need an app for your Shopify store? The type of app you need depends on its purpose and how you want to use it or sell it. Make sure you team up with an experienced partner to help you create the right app for your business. Sunrise Integration brings 20+ years of app and ecommerce experience to every project.
