Using OAuth to retrieve the host
To keep your embedded apps secure, you're required to lock all communication to the host. The host
is provided as a URL query parameter appended to your application URL when your app is loaded inside the Shopify admin. The host
parameter is an encoded version of the shop origin that is required since App Bridge version 2.0.
After you’ve got the host
parameter, you can use it to initiate App Bridge and then store the App Bridge instance for the duration of the session. It is a good idea to re-use the same App Bridge instance because the host
parameter is only guaranteed on initial load of your app.
Verification
Anchor link to section titled "Verification"Each embedded application URL includes an hmac
query parameter that can be used to authenticate the request from Shopify.
To learn more about this process, review verifying requests from Shopify.