Shopify Liquid / API: Accessing another customer's metafield data in Liquid - shopify

I'm working with a client that wants to build some custom rudimentary affiliate functionality. The requirement includes two types of users: "owners", who are technically the affiliates, and "customers". We are planning to use metafields to assign owners to customers (simply an integer metafield in the customer object that holds the owner's userid, managed by a site admin). We would like to create a Liquid template, accessible by the owners, that shows a list of their customers and some customer and order metafield data. This requires one user (the owner) to be able to reach into another user's (the customer's) metafield data. Is this possible in Liquid without creating an externally hosted app?
If not, I assume this is possible via the API. In that case, is it possible to use the API right in liquid without creating an externally hosted app?
Thanks!

No, Shopify does not allow you to access customer objects (and by extension, metafields on other customer objects) other than the customer that is currently logged in.
To access arbitrary customer information, you will need to set up an app with admin permissions to access customers. While technically you could make admin API calls through the front-end, doing so would require exposing admin-level API credentials and would be a Very Bad Idea.
You will definitely want an externally-hosted app to run this code on, as the app you are describing will have access to PII and other sensitive data.

Related

Difference between Shopify partner and Shopify admin

1. What is the major difference between Shopify partner and Shopify admin?
2. How to connect both?
3. The reason behind the 2nd question is that only in the partner site can we see the status of API health, and I can only see order/customer/product details in Shopify admin, not in partner. In my use case I want to see order/customer/product details and also want to test GDPR webhooks. How is this possible?
A partner account can be created on https://en.shopify.hk/partners. When you create a Shopify Partners account, you gain access to a Partners dashboard, and you will become a Shopify Partner. By creating a partner account, you would become an admin of the partner account and will be able to:
Create Development Stores: those are stores that you can create for free and use to develop new Shopify themes, apps etc. Development stores do not have monthly recurring hosting fees. However, they are password protected, and cannot accept any form of payments, as the purpose is to either develop and/or test themes and apps. After setting up a development store, you can also change it to a Managed Store by transferring ownership of the store to a client who will then pay for the hosting, and make the store functional. This client will then become the admin of the store.
Create Managed Stores: those are stores that you create to sell; you pay a monthly hosting fee depending on the pricing plan you select, and users will be able to make payments through those stores.
Develop public/custom/private apps.
Link to specific stores: if you want to update the code on another merchant's store, which you did not create, you can link the store by adding a Managed Store, then input their store URL, and send them a Collaborator Access Request. Upon accepting your request, their store would appear in your partner dashboard and you can access their store dashboard to see orders, customers etc. On the list of stores in the partner dashboard, you will see a Log In link to log in to the dashboard of each store individually.
Add members: you can add members to your Partner Dashboard and give them different roles, and access to specific stores linked to your partner account. This way, if you want multiple developers to work on a store you have access to, they can access those stores (although the store owner will not know who is accessing, they would only know that it's being accessed by your partner account specifically).
For each store linked to your partner account, you will see whether it is a Development Store, or if it's a Managed Store, you will see the plan chosen. For Managed Stores, you can also click on Actions and completely Remove access for yourself by unlinking your partner account from the store.
On the other hand, a Shopify admin account refers to an administrator account specific to a store. For example, if you own a store, you would be the store admin. Each store can only have one admin, and a selected number of staff members. The Basic Shopify plan can only have two staff members. However, each store can have unlimited collaborators, which means each store can be linked to multiple Partner accounts. Partner accounts only gain access to what the store administrator gives them access to. When you send them a collaborator request, it asks you if you would like to request access to everything, or only specific parts of the store, such as themes/apps only.

How to allow a different company to use our web app?

We are developing a web app that has users and payments. We need to use it ourselves and we need to allow other companies to use it as well. All instances of the app must use the same database and the same payments account. And it's preferred that each front-end is completely separate.
Here are the ways I can think of:
1) Use OAuth. This is a perfect approach but I don't think each front-end can be completely separate - in other words each app instance would link to the same password and payment forms and then redirect back to the app instance when the user is done with the form.
2) Just give the other company the whole app and let them deploy a completely separate instance. The downside is that we would need to give them our database and payment credentials.
3) Load the front-end of our app into an iframe on their site. Is this even possible? If so it seems like it would meet all my requirements but it seems a bit hacky...not sure of all the drawbacks.
Are there any other options that would allow for the same database and payments account and completely separate front-ends?
Do you want the other company to use your company domain, a subdomain, or their own domain?
Your company domain
In this case, create a separate login page. Once the user is logged in, create a custom UI for the logged-in user and show the pages for user and payment. It is a single UI and it can render based on the user preference, like custom font, logs etc.
Company Subdomain
This is a popular model used in the Software as a Service business. Based on the subdomain, create the custom page, and this page will access the services with the customer id. You can also provide a module for the customer to upload the images, select the font etc.
All the services and transaction will have customer id and easy to track.
Customer domain
Expose the user and payment info as a RESTful web service and let the customer create a webpage and use the exposed services.

When a Shopify store customer has logged in to his account on the store I want also make him log into my Shopify app

I have developed a Shopify app, and I wonder if we can perform the following functionality:
when a customer has logged in to his account on the store, I want to also log him into my app; in other words, I want to make a customer's account the same as his account on my app.
One thing you know. A customer logged into a Shopify store has a visible ID to JavaScript. You could thus use an App Proxy to securely pass back their ID to your App. Using that ID, you can offer functionality to that customer, in your App. As long as you restrict access to the Proxy, you'd be A-OK security-wise.
If you wanted to allow access to the App without Proxy calls, you'll have to put into place your own security, which as we know from experience, will likely be weak and/or a calamity. Most people should never roll their own security patterns. If they log in to the App, without Shopify Plus Multipass, you cannot log them into Shopify. So you have no other options AFAIK.
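An added example (not part of the original answers) of the server-side check behind the App Proxy advice above, which also covers the first question's owner-to-customer lookup: it verifies the `signature` parameter Shopify appends to proxied requests before trusting `logged_in_customer_id`, then returns only that owner's records. The secret, the sample query builder, the five-minute freshness window and the `owner_id` field (standing in for the owner metafield) are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

SHARED_SECRET = "constructed-app-secret"  # placeholder; the real secret never leaves the server


def proxy_signature(params, secret):
    """HMAC-SHA256 hex digest over the sorted 'key=value' pairs, joined with no separator."""
    message = "".join(sorted(f"{k}={','.join(v)}" for k, v in params.items()))
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def sign_query(fields, secret):
    """Build a constructed sample query string shaped like a proxied request."""
    sig = proxy_signature({k: [v] for k, v in fields.items()}, secret)
    return urlencode({**fields, "signature": sig})


def verified_customer_id(query_string, secret, max_age=300, now=None):
    """Return logged_in_customer_id only when the signature is valid and fresh."""
    params = parse_qs(query_string, keep_blank_values=True)
    supplied = params.pop("signature", [""])[0]
    expected = proxy_signature(params, secret)
    # Constant-time comparison; a mismatch means a forged or tampered query string.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return None
    try:
        sent_at = int(params.get("timestamp", ["0"])[0])
    except ValueError:
        return None
    now = time.time() if now is None else now
    if abs(now - sent_at) > max_age:  # assumed replay window, not a Shopify rule
        return None
    # The value is empty when no customer is logged in on the storefront.
    return params.get("logged_in_customer_id", [""])[0] or None


def customers_for_owner(owner_id, customers):
    """Authorization filter: an owner sees only customers assigned to them."""
    return [c for c in customers if str(c["owner_id"]) == owner_id]
```

A customer ID read from storefront JavaScript and posted directly to the app is attacker-controlled; only the ID taken from a request that passes this check should drive the lookup.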

Building a Shopify private or public app

I am trying to make a plan to update my client's Shopify stores by building a Shopify app or using an external library. Basically, I want to provide my clients with some convenience by automating the inventory update, order process and extra stuff.
For now, I have only two scenarios.
Whenever my wholesale inventory changes, I want my client's Shopify product list to be updated (quantity, price and product description) accordingly.
Whenever my client (Shopify store owner) receives an order from his/her customer, I want the order information to be automatically transferred to my server.
If possible, I want my clients to be able to integrate with my application without any tech knowledge. I have looked into the Shopify app (public/private) and some external API (Java), because I am a Java developer.
I checked the Shopify Java library, which requires an API key and password to be able to access the Shopify owner's store for product/order access, but I am not sure how user-friendly this approach is in terms of the Shopify owner's side.
For the Shopify public app, I am not familiar with it, so I am not sure how much I can do with it.
Could somebody provide some details about pros/cons about these approaches?
Thanks.
All you need to know is that with Shopify, you can connect to their shop using standard HTTPS. Even better, it's all GraphQL now. As for credentials, Shopify is fully modern and offers you two methods of getting credentials.
Your merchant client can create credentials with permissions right inside their Shopify Admin -> Apps. They give you the keys, you're in business.
You get them (or you) to simply click install your App running at some HTTPS address, and you use OAuth to get the credentials.
Either way, it makes no difference to the actual code you write to interact with their shop and deal with inventory, sales etc. You do not need to make your App public in the sense of the App store, so you can use your partner dashboard to create an App and OAuth install, or like I said, use the private App way.

How to access Shopify products via API without API key and password?

I want to develop a Chrome extension to see stats for any store which is developed in Shopify. Can I access any store's products without an API key and password in Shopify?
No, you can't access the products JSON without using the API key or a permanent token of the store.
But if you still want to access the product details, you at least need the handler of the product.
Let's say your store is "abc.myshopify.com" and the handler of your product is "xyz"; then you can get the product JSON of xyz by an HTTP GET call to the following URL
https://www.abc.myshopify.com/products/xyz.json
in general
https://www.[storename]/products/[product-handle].json
You could try using the Shopify Storefront API.
It allows you to get information about your shop from your own website or custom app. Although it doesn't need an API password, it needs an API key that doesn't need to be a secret.
The documentation says this (the first point is the important):
Using the Storefront API, you can:
Fetch data about a single product or a collection of products to display on any website or device.
Create unique checkout experiences with full control over the shopping cart.
Create new customers or modify existing ones, including address information.
Allow customers to select unique product options.
There is no way Shopify will provide store details (product list) without API authentication.
For your requirement, I would suggest creating a Shopify app which will sync all product details to your storage, and you can access the data from there.