shopify.auth.tokenExchange

Begins the OAuth process by exchanging the current user's session token for an access token to make authenticated Shopify API queries.

Learn more:

Examples

Node.js

// Assumes `app` (Express), a configured `shopify` API object, and
// `RequestedTokenType` are already in scope.
app.get('/auth', async (req, res) => {
  const shop = shopify.utils.sanitizeShop(req.query.shop, true);
  const headerSessionToken = getSessionTokenHeader(req);
  const searchParamSessionToken = getSessionTokenFromUrlParam(req);
  const sessionToken = headerSessionToken || searchParamSessionToken;

  // Refuse to start the exchange when neither location carried a token.
  if (!sessionToken) {
    res.status(401).send('Missing session token');
    return;
  }

  await shopify.auth.tokenExchange({
    sessionToken,
    shop,
    requestedTokenType: RequestedTokenType.OfflineAccessToken, // or RequestedTokenType.OnlineAccessToken
  });
});

function getSessionTokenHeader(request) {
  // Get session token from header `authorization`
  // Header format is: "Authorization: Bearer this-is-the-session-token"
  // Return "this-is-the-session-token" from request header
  const header = request.headers.authorization || '';
  const match = header.match(/^Bearer (.+)$/);
  return match ? match[1] : undefined;
}

function getSessionTokenFromUrlParam(request) {
  // Get session token from the request URL param
  // The param is "id_token"
  // Example: "${app_url}/?shop=${shop}&id_token=this-is-the-session-token"
  // Return "this-is-the-session-token" from URL param
  return request.query.id_token;
}
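
The two token locations and the shop parameter above, handled strictly and without a web framework. This is an added example, not code from the Shopify API library: the function names, the `SHOP_PATTERN` regex, the duplicate-parameter rule and the sample requests are assumptions made for illustration.

```javascript
// Added example; not code from the Shopify API library.
// SHOP_PATTERN is an assumption derived from the "{exampleshop}.myshopify.com"
// form on this page; shopify.utils.sanitizeShop remains the authoritative check.
const SHOP_PATTERN = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/i;

// Token from an "Authorization: Bearer <token>" header value, else undefined.
function tokenFromHeader(headerValue) {
  if (typeof headerValue !== 'string') return undefined;
  const match = /^Bearer\s+(\S+)$/i.exec(headerValue.trim());
  return match ? match[1] : undefined;
}

// Token from the "id_token" URL parameter. A repeated parameter is refused so
// that no two layers can disagree about which value is the session token.
function tokenFromUrl(searchParams) {
  const values = searchParams.getAll('id_token');
  return values.length === 1 && values[0] !== '' ? values[0] : undefined;
}

// Returns {shop, sessionToken} for tokenExchange, or throws on bad input.
function extractTokenExchangeInputs(headers, rawUrl) {
  // The base is a placeholder, used only to parse relative request URLs.
  const url = new URL(rawUrl, 'https://app.invalid');
  const shops = url.searchParams.getAll('shop');
  if (shops.length !== 1 || !SHOP_PATTERN.test(shops[0])) {
    throw new Error('invalid shop');
  }
  // Header first, URL parameter second, matching the page's example.
  const sessionToken =
    tokenFromHeader(headers.authorization) || tokenFromUrl(url.searchParams);
  if (!sessionToken) throw new Error('missing session token');
  return {shop: shops[0].toLowerCase(), sessionToken};
}

// Constructed sample requests (not real tokens or shops).
const samples = [
  [{authorization: 'Bearer this-is-the-session-token'}, '/auth?shop=someshop.myshopify.com'],
  [{}, '/?shop=someshop.myshopify.com&id_token=this-is-the-session-token'],
  [{}, '/?shop=someshop.myshopify.com&id_token=a&id_token=b'],
  [{authorization: 'Basic abc'}, '/?shop=someshop.myshopify.com.example.net'],
];
for (const [headers, url] of samples) {
  try {
    console.log(url, '->', extractTokenExchangeInputs(headers, url));
  } catch (err) {
    console.log(url, '-> rejected:', err.message);
  }
}
```
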

Parameters

sessionToken

string | ❗ required

The current user's session token. It can be found in:

  1. Request header:
{
    "Authorization": "Bearer this-is-the-session-token"
}
  2. URL Param:
${APP_URL}/?shop=someshop.myshopify.com&id_token=this-is-the-session-token

shop

string | ❗ required

A Shopify domain name in the form {exampleshop}.myshopify.com.

requestedTokenType

enum | ❗ required

RequestedTokenType in token-exchange.ts

  • RequestedTokenType.OnlineAccessToken - Learn more about online tokens
  • RequestedTokenType.OfflineAccessToken - Learn more about offline tokens

Return

Promise<Session>

The new Shopify Session object, containing the API access token.

Back to shopify.auth