phpish / shopify_app-skeleton

Skeleton Shopify App project using phpish/shopify

Clarification about first installation request #20

Open KozakRoman opened 8 years ago

KozakRoman commented 8 years ago

We make the first Shopify app installation request like this, http://shop-name.myshopify.com/admin/api/auth?api_key=xyz, from the install.php file. After this we make a second request, https://shop-name.myshopify.com/admin/oauth/authorize?client_id=$api_key$scopes$redirect_uri, from the oauth.php file. Why do we need this first request? Could we just start the installation process without this first request?

myjanky commented 8 years ago

@KozakRoman the first auth compares your API key and shared secret with Shopify to determine if it is a valid request. Then OAuth sends a request back to Shopify for the permissions to use, such as "read_content" (aka scopes), etc. Please see this for the steps on auth: https://help.shopify.com/api/guides/authentication/oauth
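As an added illustration of the two requests discussed in this thread (this is example code, not code from phpish/shopify_app-skeleton or the phpish/shopify library): the first function builds the authorize URL that install.php sends the merchant to, and the second is the check oauth.php should run on the callback before it exchanges the code for a token. It assumes the signature construction described in the Shopify OAuth guide linked above (HMAC-SHA256 with the shared secret over the sorted query parameters, minus `hmac`, joined as `key=value&...`); the shop domain, API key, shared secret, scopes and redirect URI are constructed sample values.

```php
<?php
// Added example for this thread; not code from phpish/shopify_app-skeleton or phpish/shopify.
// All shop, key, secret and scope values below are constructed samples.

declare(strict_types=1);

// install.php side: build the URL the merchant is redirected to.
// The 'state' nonce is saved in the session and compared again on the callback,
// so a callback that this app did not start is rejected.
function build_authorize_url(string $shop, string $api_key, string $scopes, string $redirect_uri, string $state): string
{
    // Accept only a plain *.myshopify.com hostname so the app never redirects to an arbitrary host.
    if (!preg_match('/^[a-z0-9][a-z0-9-]*\.myshopify\.com$/', $shop)) {
        throw new InvalidArgumentException("Invalid shop domain: {$shop}");
    }
    $query = http_build_query([
        'client_id'    => $api_key,
        'scope'        => $scopes,
        'redirect_uri' => $redirect_uri,
        'state'        => $state,
    ]);
    return "https://{$shop}/admin/oauth/authorize?{$query}";
}

// The message Shopify signs (assumed per the OAuth guide): drop 'hmac', sort the remaining
// parameters by key, escape '%' and '&' in keys and values (and '=' in keys), join with '&'.
function signature_message(array $params): string
{
    unset($params['hmac']);
    ksort($params);
    $pairs = [];
    foreach ($params as $key => $value) {
        $k = str_replace(['%', '&', '='], ['%25', '%26', '%3D'], (string) $key);
        $v = str_replace(['%', '&'], ['%25', '%26'], (string) $value);
        $pairs[] = "{$k}={$v}";
    }
    return implode('&', $pairs);
}

function compute_hmac(array $params, string $shared_secret): string
{
    return hash_hmac('sha256', signature_message($params), $shared_secret);
}

// oauth.php side: verify the callback before exchanging 'code' for an access token.
function verify_callback(array $query, string $shared_secret, string $expected_state): bool
{
    if (!isset($query['hmac'], $query['state'], $query['shop'], $query['code'])) {
        return false;
    }
    if (!hash_equals($expected_state, (string) $query['state'])) {
        return false;  // nonce mismatch: not the flow this session started
    }
    if (!preg_match('/^[a-z0-9][a-z0-9-]*\.myshopify\.com$/', (string) $query['shop'])) {
        return false;  // only a real Shopify shop domain may be used for the token exchange
    }
    $expected = compute_hmac($query, $shared_secret);
    // hash_equals compares in constant time, so the check leaks nothing about the expected HMAC.
    return hash_equals($expected, (string) $query['hmac']);
}

// --- Walk through both requests with constructed values ---
$api_key       = 'xyz';                         // the sample key from the issue text
$shared_secret = 'sample-shared-secret';         // constructed; the real one belongs in config, not in source
$shop          = 'shop-name.myshopify.com';
$state         = bin2hex(random_bytes(16));      // would be stored as $_SESSION['state']

echo build_authorize_url($shop, $api_key, 'read_content,read_products',
                         'https://app.example.com/oauth.php', $state), PHP_EOL;

// Simulated callback query (constructed): the 'hmac' is computed here the way Shopify would,
// using the same shared secret.
$callback = [
    'code'      => 'sample-authorization-code',
    'shop'      => $shop,
    'state'     => $state,
    'timestamp' => (string) time(),
];
$callback['hmac'] = compute_hmac($callback, $shared_secret);

var_dump(verify_callback($callback, $shared_secret, $state));

// A callback whose 'shop' was altered after signing no longer matches the HMAC.
$tampered = $callback;
$tampered['shop'] = 'other-shop.myshopify.com';
var_dump(verify_callback($tampered, $shared_secret, $state));
```

Run it with `php example.php`: the untouched callback verifies, the altered one is rejected because its HMAC no longer matches, and a callback arriving with a different `state` than the one the session stored is rejected before the HMAC is even computed.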

KozakRoman commented 8 years ago

Thank you for your quick reply. Could we just start the installation process without this first request (valid request)?

myjanky commented 8 years ago

Kind of. You could set up a private app and bypass OAuth completely. https://github.com/phpish/shopify_private_app-skeleton

Keep in mind that a private app has full access to all scopes and then some. So, be careful how you handle the API key and secret. If these are exposed, your shop could be compromised by a knowledgeable attacker.