ID Token API
The ID Token API retrieves an OpenID Connect ID Token from Shopify as a JWT string. Your backend can verify this token to confirm that a request came from an authenticated Shopify user.
In most cases, you don't need to call this method directly. App Bridge's fetch interceptor automatically includes the ID token in the Authorization header for requests to your app's domain. Use shopify.idToken() directly when you need the token for something other than a standard fetch request, such as a WebSocket connection or a third-party API call.
For more information, see the session token documentation.
Anchor to Use casesUse cases
- Backend authentication: Verify requests to your backend are from a Shopify-authenticated user.
- Session validation: Validate user sessions without requiring traditional cookie-based authentication.
- Secure communication: Exchange ID tokens for secure communication between your app frontend and backend.
- Third-party auth: Pass ID tokens to third-party services that support OpenID Connect verification.
Anchor to IdTokenApiId
Id
The API is available on the shopify global. It returns a Promise that resolves to a JWT string.
Anchor to IdTokenApi-returnsReturns
Promise<string>Promise<string>
Was this page helpful?