userMod2

Reputation: 8960

Shopify - Making an API request to update user's email

Using the Shopify Admin API - I've been able to update a user's email address.

I've tested it with Postman, passing in a private app secret key.

Now I want to have this functionality on an actual page; however, I have some questions:

Has anyone had any experience/ideas/suggestions for a simple way to do this?

Any help appreciated.

Thanks.

Upvotes: 1

Views: 376

Answers (1)

Subhrajyoti Das

Reputation: 2710

Issue: Your issue here is that you want to verify whether the email change request is a valid call or not. Then, if you find it valid, you make the API call to update it.

My Solution
Create a page in Shopify with your form to update the email. Show the page only to logged-in users. When a user lands on the page, show them the form to pass the new email they want. This is where you need to add a few things so as to validate the requests. When the page loads, create a hashed string from the Shopify backend like below.

{% if customer != nil %}
  {% assign timestamp = 'now' | date: "%s" %}{% comment %} epoch timestamp {% endcomment %}
  token = {{ customer.email | append: '<random_string>' | append: timestamp | sha256 }}
{% endif %}

Whenever a request is made for a change of email, validate the SHA256 code at your end by creating a hash at your server. If the hash is valid, update the email. Make sure you pass the timestamp and old email in the request you make.

Security issues you need to take care of -

  1. You always need to validate the timestamp. For example, it should not be 10 secs in the future or 10 secs in the past.
  2. Your random string can also be brute forced. So keep updating the random string regularly using the Assets API. It is very unlikely, but why take the risk.

Upvotes: 1
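
The server-side check described in the answer above, as an added example that is not part of the original answer: it recomputes the SHA-256 over old email + random string + timestamp in the same order as the Liquid snippet, enforces the timestamp window, and compares in constant time. The function names, the `SECRET` value and the sample request values are constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 10  # window taken from the answer's example
SECRET = "constructed-random-string"  # placeholder for '<random_string>' in the theme


def expected_token(email: str, secret: str, timestamp: str) -> str:
    """Hex SHA-256 of email + secret + timestamp, matching the Liquid filter chain."""
    data = (email + secret + timestamp).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def verify_request(email, timestamp, token, secret=SECRET,
                   now=None, max_skew=MAX_SKEW_SECONDS):
    """Return (ok, reason) for an email-change request carrying the page token."""
    now = time.time() if now is None else now
    # The timestamp arrives as untrusted text: accept only plain ASCII digits.
    if not (isinstance(timestamp, str) and timestamp.isascii()
            and timestamp.isdigit() and len(timestamp) <= 12):
        return False, "bad timestamp"
    # Reject tokens minted too far in the past or the future.
    if abs(now - int(timestamp)) > max_skew:
        return False, "stale timestamp"
    if not isinstance(email, str) or not isinstance(token, str):
        return False, "bad token"
    good = expected_token(email, secret, timestamp)
    # Constant-time comparison avoids leaking how many leading characters match.
    if not hmac.compare_digest(good.encode("utf-8"), token.encode("utf-8")):
        return False, "bad token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed request: token minted at t=1700000000, checked 5 seconds later.
    ts = "1700000000"
    tok = expected_token("old@example.com", SECRET, ts)
    print(verify_request("old@example.com", ts, tok, now=1700000005))
    print(verify_request("other@example.com", ts, tok, now=1700000005))
    print(verify_request("old@example.com", ts, tok, now=1700000060))
```

Shopify Liquid also provides an `hmac_sha256` filter, which is the keyed construction intended for this kind of token; using it would mean switching the server side to `hmac.new(...)` with the same key.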
