Sorry, similar questions have been asked before, but I am still confused.
Background
-
My app is currently in development. It will be a public, non-embedded app.
-
I have a partner account with a development store up and running for testing.
-
The app will only integrate with stores on the Orders page via extension links.
-
I used the Shopify app generator to create a basic app, just so I could get it initially added to my partner account.
-
I have a website that will be the target of the extension links.
-
I have created a landing page at my website to be the target of my Shopify app.
-
I know my apiKey and apiSecret from my App on my Shopify Partners page.
Now, when I go to my App on my Shopify Partners account, there is a “Test your app” section. I select the store, it goes to an authorization page for the store saying my app will want access to Orders (and other things). I agree and it transfers navigation to my website, just like I expect.
Here’s where doesn’t act like I expect. When it navigates to my website, it sends these parameters:
-
hmac
-
host
-
shop
-
timestamp
I don’t see how my website can authenticate and call the Shopify API using that information. The docs hint that an additional “code” parameter would be passed, but it’s not there.
Questions:
-
Is the act of selecting my store for testing supposed to act like a user installed the App from the Shopify App store?
-
Should I be receiving additional information I can use to authenticate with the Shopify API (so I can read orders) from my website?
I sure would appreciate help. Can you help me understand what is going on? Anyone have a link to some code or an article that would help me?