When you build a Shopify app that uses the Storefront API, keep in mind that the Storefront API provides unauthenticated access: Shopify manages authentication, and your app only ever sees anonymous shoppers. This streamlined approach simplifies making Storefront API requests, but it leaves a large risk of data exposure unless security practices and measures are taken into account.
Built-in security measures
When initiating requests from a Shopify storefront, several API and data security measures have been implemented:
Browser-based API client creation restriction
Gadget prevents the creation of API clients using API keys from within web browsers. This precaution ensures that API keys are not inadvertently exposed. Consequently, any in-browser API client automatically receives the unauthenticated access role in Gadget.
Limited access for unauthenticated role
The unauthenticated access role is intentionally restricted from accessing most Shopify models. This is a vital safeguard against inadvertent exposure of personally identifying information (PII) and other sensitive data.
Protected access tokens
Access tokens stored on the shopifyShop model are intentionally omitted from the response when accessed through your Gadget app's public API. This measure prioritizes security and privacy. Nonetheless, these tokens can still be accessed via the internal API, should the need arise for server-side operations.
Data security practices
Despite these built-in security measures, the API design of your application can still introduce severe security risks. That's why it's crucial to perform the following sanity checks and practices to minimize the security risks to your application.
Audit API access
Much of the data in your Gadget database is non-public and should be kept safe. Never grant unvetted access to your API.
Giving end users of your app access to your API should always be done consciously and with a great deal of scrutiny. Avoid unauthenticated access to sensitive model actions: the default role and the permissions you set can give malicious users access to data they should not have. This is why we recommend that developers take the time to think through which models each role is given access to.
Use global actions for controlled data access
When constructing global actions in Gadget, take care not to disclose sensitive data to unauthenticated users, and retrieve only the data the caller actually needs. Use the integrated roles and permissions system for authorization, so that data access stays controlled and the overall data security of your application improves.
    // (earlier lines of this global action, including the shop lookup, are not shown)
    return shop.plan.features; // Return the features to the storefront
  }
  // If there is no plan, the returned result will be null
}

export const params = {
  shopId: {
    type: "string",
  },
};
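As an added example (not code from the Gadget docs or from any Gadget project), here is a complete global action in the shape of the fragment above that returns only a shop's plan features to the storefront. It assumes Gadget's global action signature `run({ params, api })` and the `api.shopifyShop.findOne(id, { select })` call; the `plan.features` field, the shop records and the in-memory stand-in for the `api` client are constructed for this example so it runs offline. The point it demonstrates is the "retrieve only the data the caller needs" rule: the `select` limits the fetch to the plan fields, so the shop's access token never enters the action's result.

```javascript
// Added example, not Gadget's own code. Assumes Gadget's `run({ params, api })`
// global-action signature and `api.shopifyShop.findOne(id, { select })`.
// In a real Gadget action file `params` and `run` are `export`ed; they are left
// unexported here so the script runs stand-alone under plain Node.

const params = {
  shopId: { type: "string" },
};

// Fetch only the fields the storefront needs, never the whole shop record,
// which carries access tokens and other sensitive data.
const PLAN_SELECTION = { id: true, plan: { name: true, features: true } };

async function run({ params, api }) {
  if (typeof params.shopId !== "string" || params.shopId.length === 0) {
    throw new Error("shopId is required");
  }
  const shop = await api.shopifyShop.findOne(params.shopId, { select: PLAN_SELECTION });
  if (!shop.plan) {
    // No plan: return null rather than a partial object, so the caller
    // cannot infer anything else about the shop.
    return null;
  }
  return shop.plan.features; // Return the features to the storefront
}

// --- Constructed in-memory stand-in for the Gadget api client (offline only) ---
const CONSTRUCTED_SHOPS = {
  "shop-1": {
    id: "shop-1",
    accessToken: "shpat_constructed_do_not_return", // sensitive: must never reach the storefront
    plan: { name: "pro", features: ["gift-wrap", "preorders"] },
  },
  "shop-2": { id: "shop-2", accessToken: "shpat_constructed_2", plan: null },
};

// Minimal emulation of Gadget's `select`: copy only the selected keys,
// recursing into nested selections; null values stay null.
function pick(record, selection) {
  const out = {};
  for (const [key, sel] of Object.entries(selection)) {
    const value = record[key];
    if (sel === true) out[key] = value;
    else if (value && typeof value === "object") out[key] = pick(value, sel);
    else out[key] = value;
  }
  return out;
}

const fakeApi = {
  shopifyShop: {
    async findOne(id, { select }) {
      const record = CONSTRUCTED_SHOPS[id];
      if (!record) throw new Error(`shopifyShop ${id} not found`);
      return pick(record, select);
    },
  },
};

async function demo() {
  const features = await run({ params: { shopId: "shop-1" }, api: fakeApi });
  const none = await run({ params: { shopId: "shop-2" }, api: fakeApi });
  return { features, none };
}

demo().then((result) => console.log(JSON.stringify(result)));
```

Because the selection is the only thing that decides what leaves the database, reviewing `PLAN_SELECTION` is a quick audit of what an anonymous caller can learn from this action.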
Safeguard HTTP Routes
Global actions should generally be used when dealing with sensitive data because of the built-in security around them; HTTP routes in Gadget, however, do not get Gadget's built-in security measures. If you need to serve sensitive data through routes, implement route protection using Gadget's authentication plugin.
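The following is an added example of a protected route, written for this page rather than taken from Gadget's own code. It assumes a Fastify-style handler that receives `request`, `reply` and an `api` client, and that the authentication layer populates a `session` object whose `session.get("user")` returns the signed-in user or `null` (a hypothetical shape chosen for the example; check the shape your authentication plugin actually provides). The stubs at the bottom are constructed so the handler can be exercised offline.

```javascript
// Added example, not Gadget's own code. Assumes a Fastify-style route context
// ({ request, reply, api, session }); the `session.get("user")` shape is hypothetical.

// Resolve the signed-in user from the session, or null if there is none.
function requireUser(session) {
  const user = session && typeof session.get === "function" ? session.get("user") : null;
  return user || null;
}

async function route({ request, reply, api, session }) {
  // Authenticate before touching any data: anonymous callers get a 401 and nothing else.
  const user = requireUser(session);
  if (!user) {
    reply.code(401);
    return { error: "authentication required" };
  }
  const shopId = request.query && request.query.shopId;
  if (typeof shopId !== "string" || shopId.length === 0) {
    reply.code(400);
    return { error: "shopId is required" };
  }
  // Select only the fields this response needs; the full shop record stays server-side.
  const shop = await api.shopifyShop.findOne(shopId, { select: { id: true, plan: { name: true } } });
  reply.code(200);
  return { shopId: shop.id, planName: shop.plan ? shop.plan.name : null };
}

// --- Constructed stand-ins for Fastify's reply, the session and the api client ---
function makeReply() {
  return { statusCode: 200, code(c) { this.statusCode = c; return this; } };
}
const fakeSession = (user) => ({ get: (key) => (key === "user" ? user : undefined) });
const fakeApi = {
  shopifyShop: {
    async findOne(id) {
      return id === "shop-1" ? { id, plan: { name: "pro" } } : { id, plan: null };
    },
  },
};

async function demo() {
  const anon = makeReply();
  const anonBody = await route({ request: { query: { shopId: "shop-1" } }, reply: anon, api: fakeApi, session: fakeSession(null) });
  const signed = makeReply();
  const signedBody = await route({ request: { query: { shopId: "shop-1" } }, reply: signed, api: fakeApi, session: fakeSession({ id: "user-1" }) });
  return { anon: [anon.statusCode, anonBody], signed: [signed.statusCode, signedBody] };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

The ordering matters: the session check runs before the query is parsed or the database is read, so an unauthenticated request causes no data access at all, and the 401 body carries nothing that depends on the requested shop.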
Appropriately grant access to model read actions with non-sensitive data
If a data model contains non-sensitive information, it's acceptable to grant unauthenticated users access to that model's API. Ensure that minimum permissions are granted, preventing shoppers from creating or updating records while allowing them to read data.
Use the Storefront API to fetch Shopify data
Use the Shopify Storefront API to retrieve Shopify data. Note, however, that handling Storefront API requests requires its own configuration, because Gadget does not interface with the Storefront API directly. This approach is suitable if you only need data that the Storefront API exposes. Otherwise, set metafields and read them instead.
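As an added example (not code from Gadget or Shopify), here is a browser-side Storefront API request built directly against Shopify, which is the independent configuration the paragraph refers to. It assumes the Storefront GraphQL endpoint `https://{shop}.myshopify.com/api/{version}/graphql.json` and the `X-Shopify-Storefront-Access-Token` header; the shop domain, API version `2024-01` and token value are constructed placeholders, and `fetch` is injected so the function can run offline against a stub. The Storefront access token is the only credential that should ever reach a shopper's browser; app or Admin API access tokens stay on the server.

```javascript
// Added example, not Gadget's or Shopify's own code. Endpoint shape and header name
// are the Storefront API's; domain, version and token below are constructed placeholders.

const PRODUCTS_QUERY = `
  query Products($first: Int!) {
    products(first: $first) { edges { node { id title } } }
  }`;

// Build the request: a public Storefront token in the header, GraphQL in the body.
function buildStorefrontRequest({ shopDomain, apiVersion, storefrontToken, query, variables }) {
  return {
    url: `https://${shopDomain}/api/${apiVersion}/graphql.json`,
    options: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        "X-Shopify-Storefront-Access-Token": storefrontToken,
      },
      body: JSON.stringify({ query, variables }),
    },
  };
}

// `fetchImpl` is injected so the function can be exercised offline with a stub.
async function fetchProducts(config, first, fetchImpl = globalThis.fetch) {
  const { url, options } = buildStorefrontRequest({ ...config, query: PRODUCTS_QUERY, variables: { first } });
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error(`Storefront API HTTP ${res.status}`);
  const payload = await res.json();
  // GraphQL reports errors in-band with HTTP 200; surface them rather than returning partial data.
  if (Array.isArray(payload.errors) && payload.errors.length > 0) {
    throw new Error(`Storefront API error: ${payload.errors.map((e) => e.message).join("; ")}`);
  }
  return payload.data.products.edges.map((edge) => edge.node);
}

// --- Constructed stub that records the request and answers like the Storefront API ---
const recorded = [];
async function stubFetch(url, options) {
  recorded.push({ url, options });
  const first = JSON.parse(options.body).variables.first;
  const nodes = [
    { id: "gid://shopify/Product/1", title: "Tee" },
    { id: "gid://shopify/Product/2", title: "Mug" },
  ].slice(0, first);
  return {
    ok: true,
    status: 200,
    async json() { return { data: { products: { edges: nodes.map((node) => ({ node })) } } }; },
  };
}

// Stub for the in-band GraphQL error case (HTTP 200 with an `errors` array).
async function stubFetchError() {
  return { ok: true, status: 200, async json() { return { errors: [{ message: "Throttled" }] }; } };
}

const CONSTRUCTED_CONFIG = {
  shopDomain: "example-shop.myshopify.com",
  apiVersion: "2024-01",
  storefrontToken: "STOREFRONT_TOKEN_PLACEHOLDER",
};

fetchProducts(CONSTRUCTED_CONFIG, 1, stubFetch).then((p) => console.log(JSON.stringify(p)));
```

Keeping the request builder separate from the transport makes it easy to review exactly which credential and which fields leave the browser, and the error branch shows why checking `errors` matters: a throttled or invalid query still comes back as HTTP 200.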