Shopify data security 

When developing a Shopify app that uses the Storefront API, keep in mind that the Storefront API provides unauthenticated access, with Shopify managing authentication. This streamlined approach simplifies making Storefront API requests, but it leaves a large risk of data exposure to unauthenticated shoppers if security practices and measures aren't taken into account.

Built-in security measures 

When initiating requests from a Shopify storefront, several API and data security measures have been implemented:

Browser-based API client creation restriction 

The system prevents the creation of API clients using API keys within web browsers. This precautionary step ensures that API keys are not inadvertently exposed. Consequently, any in-browser API clients will automatically receive the unauthenticated access role in Gadget.

Limited access for unauthenticated role 

The unauthenticated access role is intentionally restricted from accessing most Shopify models. This is a vital safeguard against inadvertent exposure of personally identifying information (PII) and other sensitive data.

Protected access tokens 

Access tokens stored on the shopifyShop model are intentionally omitted from the response when accessed through your Gadget app's public API. This measure prioritizes security and privacy. Nonetheless, these tokens can still be accessed via the internal API, should the need arise for server-side operations.

Data security practices 

Despite the built-in security measures in place, the API design of your application can still expose severe security risks. That's why it's crucial to perform certain sanity checks and follow the practices below to minimize security risks for your application.

Audit API access 

A lot of the data in your Gadget database is typically non-public and should be kept safe. You should never give non-vetted access to your API.

Giving end users of your app access to your API should always be done consciously and with a lot of scrutiny. Avoid unauthenticated access to sensitive model actions: the default role and the permissions you set can give malicious users access to data they should not have. This is why we recommend that developers take the time to think through which models each role is given access to.

Use global actions for controlled data access 

When constructing global actions in Gadget, exercise caution to avoid disclosing sensitive data to unauthenticated users and retrieve only the requisite data needed. Utilize the integrated roles and permissions system for authorization, ensuring controlled data access and enhancing overall data security within your application.

JavaScript
import { GetPlanDetailsGlobalActionContext } from "gadget-server";

/**
 * @param { GetPlanDetailsGlobalActionContext } context
 */
export async function run({ params, logger, api, scope }) {
  // Query the shopifyShop model for the plan, selecting only the fields the
  // storefront needs (never the access token or other sensitive fields)
  const shop = await api.shopifyShop.maybeFindOne(params.shopId, {
    select: {
      plan: {
        features: true,
      },
    },
  });

  // maybeFindOne returns null for an unknown shopId, so guard the shop as well as the plan
  if (shop?.plan) {
    scope.result = shop.plan.features; // Return the features to the storefront
  }
  // If there is no shop or no plan, scope.result will equal null
}

export const params = {
  shopId: {
    type: "string",
  },
};
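An added example, not Gadget's or this page's own code, showing the allow-list projection behind the `select` pattern above together with a check that a select never asks for a denied field such as the access token; `SAMPLE_SHOP`, `DENIED_FIELDS` and `findSampleShop` are constructed stand-ins for the shopifyShop model and `api.shopifyShop.maybeFindOne`, and the missing-shop case returns null instead of throwing.

```javascript
// Added example (not Gadget's own code); the record, field names and findSampleShop are constructed stand-ins.

// Fields that must never be returned through a public-facing action or route.
const DENIED_FIELDS = new Set(["accessToken", "email", "phone"]);

// Constructed stand-in for one shopifyShop row; contains no real data.
const SAMPLE_SHOP = {
  id: "shop_1",
  email: "owner@example.com",       // PII
  accessToken: "shpat_PLACEHOLDER", // server-side only, never to the storefront
  plan: { name: "pro", features: ["bundles", "analytics"] },
};

// Walk a select tree and throw if it asks for any denied field at any depth.
function assertSelectIsSafe(select, path = []) {
  for (const [key, value] of Object.entries(select)) {
    if (DENIED_FIELDS.has(key)) {
      throw new Error(`select requests denied field: ${[...path, key].join(".")}`);
    }
    if (value && typeof value === "object") assertSelectIsSafe(value, [...path, key]);
  }
}

// Project a record down to exactly the selected fields (true selects a leaf).
function applySelect(record, select) {
  if (record == null) return null;
  const out = {};
  for (const [key, value] of Object.entries(select)) {
    if (value === true) {
      if (key in record) out[key] = record[key];
    } else if (value && typeof value === "object") {
      out[key] = applySelect(record[key], value);
    }
  }
  return out;
}

// Stand-in for api.shopifyShop.maybeFindOne: returns null for an unknown id.
function findSampleShop(shopId, select) {
  return shopId === SAMPLE_SHOP.id ? applySelect(SAMPLE_SHOP, select) : null;
}

// Same logic as the global action above: select is checked before the query, missing shop yields null.
function getPlanFeatures(shopId, findShop = findSampleShop) {
  const select = { plan: { features: true } };
  assertSelectIsSafe(select);
  const shop = findShop(shopId, select);
  return shop?.plan?.features ?? null;
}
```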

Safeguard HTTP Routes 

Global actions should generally be used when dealing with sensitive data because of the built-in security around implementing them; HTTP routes in Gadget, however, are devoid of Gadget's built-in security measures. If the need arises to serve sensitive data through routes, you can implement route protection using Gadget's authentication plugin.

Appropriately grant access to model read actions with non-sensitive data 

If a data model contains non-sensitive information, it's acceptable to grant unauthenticated users access to that model's API. Ensure that minimum permissions are granted, preventing shoppers from creating or updating records while allowing them to read data.

Use the Storefront API to fetch Shopify data 

Use the Shopify Storefront API for retrieving Shopify data. Note, however, that setting up Storefront API request handling requires independent configuration, as Gadget does not directly interface with it. This approach is suitable if you exclusively require data accessible through the Storefront API. Otherwise, you can set and use metafields instead.