Custom backend
You can use a custom backend to handle requests from your Mini. This page describes how to connect to your backend and verify requests.
Anchor to Verifying requestsVerifying requests
You can verify a request originates from a user in the Shop app by attaching a temporary token to the request inside the Mini and exchanging it for a user identifier on your backend.
- Generate a temporary token using the
useGenerateUserTokenhook. - Attach the token in the headers of your
network request. - Verify the token using the
userTokenVerifymutation in the Shop Minis Admin API.
This is useful for identifying the user making the request and for rate limiting requests to your backend.
You must run the setup command and include the openid scope in your manifest.json before you can use the useGenerateUserToken hook.
You must run the setup command and include the openid scope in your manifest.json before you can use the useGenerateUserToken hook.
Ensure you cache the token exchange lookup to avoid unnecessary requests to the Shop Minis Admin API. You can use the tokenExpiresAt field in the response to invalidate the cache when the token expires.
Ensure you cache the token exchange lookup to avoid unnecessary requests to the Shop Minis Admin API. You can use the tokenExpiresAt field in the response to invalidate the cache when the token expires.
Anchor to Identifying usersIdentifying users
If you need access to the user's publicId, include the openid scope in your manifest.json. publicId will allow you to identify users across Minis.
Anchor to ExampleExample
This reference implementation shows how to securely authenticate Shop Mini users and process their requests using Supabase Edge Functions. This guide can be extrapolated to other backend services.