---
title: Custom backend
description: >
  You can use a custom backend to handle requests from your Mini. This page
  describes how to connect to your backend and verify requests.
api_name: shop-minis
source_url:
  html: 'https://shopify.dev/docs/api/shop-minis/custom-backend'
  md: 'https://shopify.dev/docs/api/shop-minis/custom-backend.md'
---

# Custom backend

You can use a custom backend to handle requests from your Mini. This page describes how to connect to your backend and verify requests.

***

## Verifying requests

You can verify a request originates from a user in the Shop app by attaching a temporary token to the request inside the Mini and exchanging it for a user identifier on your backend.

1. Generate a temporary token using the [`useGenerateUserToken`](https://shopify.dev/docs/api/shop-minis/hooks/usegenerateusertoken) hook.
2. Attach the token in the headers of your [`network request`](https://shopify.dev/docs/api/shop-minis/network-requests).
3. Verify the token using the [`userTokenVerify`](https://shopify.dev/docs/api/shop-minis/minis-admin-api/mutations/usertokenverify) mutation in the Shop Minis Admin API.

This is useful for identifying the user making the request and for rate limiting requests to your backend.

Setup your Mini

You must run the [`setup`](https://shopify.dev/docs/api/shop-minis/commands/setup) command and include the `openid` scope in your [`manifest.json`](https://shopify.dev/docs/api/shop-minis/manifest-file) before you can use the [`useGenerateUserToken`](https://shopify.dev/docs/api/shop-minis/hooks/usegenerateusertoken) hook.

Caching lookups

Ensure you cache the token exchange lookup to avoid unnecessary requests to the Shop Minis Admin API. You can use the `tokenExpiresAt` field in the response to invalidate the cache when the token expires.

***

## Example

This [`reference implementation`](https://github.com/Shopify/shop-minis/blob/main/supabase/README.md) shows how to securely authenticate Shop Mini users and process their requests using Supabase Edge Functions. This guide can be extrapolated to other backend services.

***