I'm new to shopify app development and trying to build a shopify app with node and followed this post here. Everything worked as explained, but I have things to get clarified, may be very basic things.
My question is where to specify the link that's directed when shop owner select my app from the installed apps list of the shop?
As I understood from the post above App URL given in the App info section of the app is used for installation process and from there it's redirected to one of the Whitelisted redirection URL(s) as defined in the app for HMAC validation and exchanging a permanent access token to access the shops' admin API later.
Now Once my test-app is installed to a shop and when the app is selected from the installed apps list, the request again goes to the App URL and get redirected to callback URL generating a new access token. If this is how it is supposed to be, why it's called a permanent access token and need to be stored? If this not how it should be how to specify a url to direct when the app is selected from the installed app list?
In Short
where to define the url to direct when a shop admin select the app from is installed apps section of the shop like shown below.
After install the HMAC validation and temp code is just to get the permanent token, which you should then store securely in a database.
You don't have to show any of that process to the user using your app; you can have it happen in the background and then redirect to whatever route you like after you have the permanent token.
Related
When the app review team uninstall and reinstall my app with their automated tools, they are getting an error because the uninstall webhook has not yet triggered the delayed job to delete the Shop record. I think that's then tripping up the install process because it is finding the old shop record with an invalid access token.
I've been advised that:
You should not be relying on an uninstalled webhook to determine a shop's status with your app. instead, each time a shop hits your app,
you should make a request to your server to first determine if the
access token you have for them is valid (if so, they have your app
installed - if not, redirect to OAuth) and then from there check for a
valid charge ID using the billing API (if not, redirect to billing
page).
How should I check the api key validity? When the app is installed they are redirected through splash page, so I need to somehow know if it's a new install and if it is, check the access token somehow?
It's really hard to tell what's wrong without knowing your architecture or request auth flow, so the solution could be somewhere else. Embedded apps redirect to shopify domain where Shopify checks if app URL is added to the store. If not it will return "There is no page at this address".
Answering your question -> the easiest way would be to make an API to /admin/shop.json request and see if you get a 401.
I've implemented embed app installation process and got access token for shop on backend. How do i supposed to authenticate user when he open the app now? There is no shop name and hmac in query string when user open my app.
When you get a token back, for a shop, you are supposed to store that token in your persistence layer so you can re-use it, and to start a session. Whenever Shopify sends a request to your app they include the shop name so you can look it up and get the token and start a session. Requests without a shop name and no session spell re-authentication time.
Are you missing the part about starting a session? If someone is trying to access your App without authenticating, you need to block that access obviously. The tricky thing is ensuring all requests from your App to your App include the shop name so that if the session you started expires, you have a chance of re-authenticating one.
I have created an app in shopify and after installing it in the store, I want when I click on the app then it will redirect to other domain like www.abc.com instead of open it in the shopify admin.
I have checked this type of functionality in many apps but don't know how to implement it. Please help me to solve this issue.
Thanks
Firstly, you need to create account as Shopify partners. Once you sign-in in your account, you will see Apps on the left side of the dashboard. You will see Redirection URL in the options available. You can also give name and other details of your app in this session.
most likely your app is an embedded app that is why it is not opening new tab upon clicking from admin app listing. you first understand whether your app required embedding functionality or not.
I am building an app with the functionality to publish
messages to users walls while specific actions runs on
my website.
What I have done is (briefly):
Registered my own app on Facebook
Added a login button on my website with permission
to publish:
Log in on Facebook
Downloaded facebook-php-sdk library
It is now I start having problems. I do not know how
to do what I want to do now.
What I want to do:
When a user logs on to facebook via my website. I want
a file on my site to be called, where I can update the
user's data in my own database as well.
Because that is not what the canvas url is meant to do? How it
is no, seems no file at all is called on my site when
I click on Login.
Since you are using the Facebook PHP-SDK you noticed that there are two options for the users to login:
Using the XFBML button, which will:
Open a login dialog (pop-up) asking for permissions..etc
When a successful authentication/authorization is complete the dialog will close, the auth.login event will be triggered and based on that the page will get reloaded window.location.reload();
The PHP in the top of the page will get into business and $session = $facebook->getSession(); will actually retrieve a session! $user = $facebook->getUser(); will retrieve the current user
Using the Login URL generated by the Library $loginUrl = $facebook->getLoginUrl(); this URL will get you through the same flow and if you noticed there's a next redirect_uri parameter which will redirect you back after a successful process to that URL (mainly the same URL you are at), where you can change that parameter if you like.
The canvas URL is the URL Facebook uses when it displays your application from within Facebook. You would use this functionality if you expect users to use your application while in Facebook itself.
When authenticating using Facebook's API (assuming graph API usage here), you provide a redirect_uri as part of the authentication URL. Once Facebook has authorized your application, it will redirect the user's web browser to the URI you specified. This URI can be any link you desire on your site. You should use the link as the determination of when the user is logged in successfully, e.g., https://mywebsite/facebook/loggedin.
I'm building a custom CMS for my clients and i've implemented the Facebook API for posting on Page Walls as admin. All works well but I do have one question. Let's say the FB app name is 'CMS FB APP'.
The CMS will reside on my clients' servers, is it possible to use 'CMS FB APP' for all of my clients? Or do I have to create an application for each CMS that I install on every different server?
In the app settings I have to set a Site URL and Site Domain but this is for each client different, I don't seem to find a solution for this problem.
If you are using authentication, you have to create a separate app for each url where your app will be hosted. You will receive an error when the user tries to log in with facebook. Facebook requires that your 'next' and 'cancel' urls in the authentication return urls be on the same domain as your app's Site Url. One solution would be to setup an app with a base url such as example.com and have each client on their own subdomain like client1.example.com, client2.example.com, etc. Short of that, you are stuck making separate apps.
It worked for me when using App domains options in facebook app settings.You can enter multiple domains as App domains
The redirect_uri you use in your code must have the same base domain as that specified in the App Domains.