Untoughtful

Reputation: 11

How to use delegate token for storefront API Shopify?

I made a Node application based on the Storefront API of Shopify. However, there are rate limits per IP address imposed. Due to this I can execute certain GraphQL queries only a set number of times. For example, password reset only works 2 times and after that it shows a Limit Exceeded error, after which I need to wait for 60 seconds. The issue is I have deployed the application as a Lambda function and the IP will always be the same. I found the solution in the Storefront API docs stating I need to use a delegate token and the user IP as headers while sending the request. But I did not quite understand it.

Can someone please help me with how I should use the delegate token in my Node application, so that whenever a request is sent it uses the client browser IP instead of the AWS server's!

Upvotes: 1

Views: 936

Answers (1)

Elden skloss

Reputation: 11

Ok, I believe I figured it out.

The first thing you need to do is create a delegate token using this endpoint (POST): https://{{shopify_store_name}}.myshopify.com/admin/access_tokens/delegate.json

Your POST should look something like this:

{
  "delegate_access_scope": ["unauthenticated_write_checkouts"]
}

I suggest you go into your Shopify Storefront API settings and view which permissions the Storefront API has, and use something similar. Note that your Admin API needs to have at least those permissions to grant them.

Also note that customerRecover needs the "unauthenticated_write_checkouts" permission to be called.

After you have created that token (and this was the problem I had), REMOVE the X-Shopify-Storefront-Access-Token header and REPLACE it with Shopify-Storefront-Private-Token.

Remove:

X-Shopify-Storefront-Access-Token : {{{Storefront Token}}}

and Replace with:

Shopify-Storefront-Private-Token : {{{Your delegate token}}}

You will also need to forward your customer's IP address in the header by grabbing it out of the context and putting it into the header as well:

Shopify-Storefront-Buyer-IP : this.sourceIp

After I did this, I noticed my rate limiting on forgot password was based on the IP of the client hitting it, and not the server's IP being throttled.

Hope this helps!

Upvotes: 1
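The header swap and buyer-IP forwarding from the answer, put together as a small Node helper. This is an added example, not code from the question or the answer; it assumes Node 18+ (global fetch), a Lambda invoked through API Gateway, and the Storefront GraphQL endpoint path shown in the code.

```javascript
// Added example: send a Storefront API request with the delegate token and the
// buyer's IP, taken from API Gateway's request context rather than from a
// client-supplied header (X-Forwarded-For etc.), which a caller could set to
// any value and thereby sidestep the per-IP rate limit.

const CUSTOMER_RECOVER = `
  mutation customerRecover($email: String!) {
    customerRecover(email: $email) {
      customerUserErrors { code field message }
    }
  }`;

// Extract the caller's IP from the Lambda event (REST API v1 or HTTP API v2 shape).
function buyerIpFromLambdaEvent(event) {
  const ctx = (event && event.requestContext) || {};
  const ip = (ctx.identity && ctx.identity.sourceIp) ||  // REST API (v1) events
             (ctx.http && ctx.http.sourceIp) || null;     // HTTP API (v2) events
  if (!ip) throw new Error("no source IP in API Gateway request context");
  return ip;
}

// The private delegate token replaces the public storefront token; the public
// X-Shopify-Storefront-Access-Token header is deliberately absent.
function buildStorefrontHeaders(delegateToken, buyerIp) {
  if (!delegateToken) throw new Error("delegate token is required");
  return {
    "Content-Type": "application/json",
    "Shopify-Storefront-Private-Token": delegateToken,
    "Shopify-Storefront-Buyer-IP": buyerIp,
  };
}

// Assemble the request without sending it, so it can be inspected or tested.
function buildCustomerRecoverRequest(store, delegateToken, event, email) {
  return {
    url: `https://${store}.myshopify.com/api/graphql.json`, // assumed path; add a version segment if your store needs one
    options: {
      method: "POST",
      headers: buildStorefrontHeaders(delegateToken, buyerIpFromLambdaEvent(event)),
      body: JSON.stringify({ query: CUSTOMER_RECOVER, variables: { email } }),
    },
  };
}

// Actually perform the call (delegate token must stay server-side, e.g. in Lambda env).
async function sendCustomerRecover(store, delegateToken, event, email) {
  const { url, options } = buildCustomerRecoverRequest(store, delegateToken, event, email);
  const res = await fetch(url, options);
  return res.json();
}
```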
