# App proxy
[App proxies](/docs/apps/online-store/app-proxies) take requests to Shopify links, and redirect them to external links.
The `authenticate.public.appProxy` function validates requests made to app proxies, and returns a context to enable querying Shopify APIs.
> Note: If the store has not installed the app, store-related properties such as `admin` or `storefront` will be `undefined`
### Authenticate and fetch product information
```typescript
import type {LoaderFunctionArgs} from '@remix-run/node';
import {authenticate} from '../shopify.server';
export const loader = async ({request}: LoaderFunctionArgs) => {
const {storefront, liquid} = await authenticate.public.appProxy(request);
if (!storefront) {
return new Response();
}
const response = await storefront.graphql(
`#graphql
query productTitle {
products(first: 1) {
nodes {
title
}
}
}`,
);
const body = await response.json();
const title = body.data.products.nodes[0].title;
return liquid(`Found product ${title} from {{shop.name}}`);
};
```
## authenticate.public.appProxy
Authenticates requests coming to the app from Shopify app proxies.
### AuthenticateAppProxy
#### Returns: Promise<AppProxyContext | AppProxyContextWithSession>
#### Params:
- request: Request
export type AuthenticateAppProxy = (
request: Request,
) => Promise<AppProxyContext | AppProxyContextWithSession>;
### AppProxyContext
### session
value: `undefined`
No session is available for the shop that made this request.
This comes from the session storage which `shopifyApp` uses to store sessions in your database of choice.
### admin
value: `undefined`
No session is available for the shop that made this request. Therefore no methods for interacting with the GraphQL / REST Admin APIs are available.
### storefront
value: `undefined`
No session is available for the shop that made this request. Therefore no method for interacting with the Storefront API is available.
### liquid
value: `LiquidResponseFunction`
A utility for creating a Liquid Response.
### LiquidResponseFunction
#### Returns: Response
#### Params:
- body: string
- initAndOptions: number | (ResponseInit & Options)
export type LiquidResponseFunction = (
body: string,
initAndOptions?: number | (ResponseInit & Options),
) => Response;
### Options
### layout
value: `boolean`
Whether to use the shop's theme layout around the Liquid content.
### AppProxyContextWithSession
### session
value: `Session`
The session for the shop that made the request.
This comes from the session storage which `shopifyApp` uses to store sessions in your database of choice.
Use this to get shop or user-specific data.
### admin
value: `AdminApiContext<Resources>`
Methods for interacting with the GraphQL / REST Admin APIs for the store that made the request.
### storefront
value: `StorefrontContext`
Method for interacting with the Shopify Storefront Graphql API for the store that made the request.
### liquid
value: `LiquidResponseFunction`
A utility for creating a Liquid Response.
### Session
Stores App information from logged in merchants so they can make authenticated requests to the Admin API.
### id
value: `string`
The unique identifier for the session.
### shop
value: `string`
The Shopify shop domain, such as `example.myshopify.com`.
### state
value: `string`
The state of the session. Used for the OAuth authentication code flow.
### isOnline
value: `boolean`
Whether the access token in the session is online or offline.
### scope
value: `string`
The desired scopes for the access token, at the time the session was created.
### expires
value: `Date`
The date the access token expires.
### accessToken
value: `string`
The access token for the session.
### onlineAccessInfo
value: `OnlineAccessInfo`
Information on the user for the session. Only present for online sessions.
### isActive
value: `(scopes: string | string[] | AuthScopes) => boolean`
Whether the session is active. Active sessions have an access token that is not expired, and has the given scopes.
### isScopeChanged
value: `(scopes: string | string[] | AuthScopes) => boolean`
Whether the access token has the given scopes.
### isExpired
value: `(withinMillisecondsOfExpiry?: number) => boolean`
Whether the access token is expired.
### toObject
value: `() => SessionParams`
Converts an object with data into a Session.
### equals
value: `(other: Session) => boolean`
Checks whether the given session is equal to this session.
### toPropertyArray
value: `(returnUserData?: boolean) => [string, string | number | boolean][]`
Converts the session into an array of key-value pairs.
### OnlineAccessInfo
### expires_in
value: `number`
How long the access token is valid for, in seconds.
### associated_user_scope
value: `string`
The effective set of scopes for the session.
### associated_user
value: `OnlineAccessUser`
The user associated with the access token.
### OnlineAccessUser
### id
value: `number`
The user's ID.
### first_name
value: `string`
The user's first name.
### last_name
value: `string`
The user's last name.
### email
value: `string`
The user's email address.
### email_verified
value: `boolean`
Whether the user has verified their email address.
### account_owner
value: `boolean`
Whether the user is the account owner.
### locale
value: `string`
The user's locale.
### collaborator
value: `boolean`
Whether the user is a collaborator.
### AuthScopes
A class that represents a set of access token scopes.
### has
value: `(scope: string | string[] | AuthScopes) => boolean`
Checks whether the current set of scopes includes the given one.
### equals
value: `(otherScopes: string | string[] | AuthScopes) => boolean`
Checks whether the current set of scopes equals the given one.
### toString
value: `() => string`
Returns a comma-separated string with the current set of scopes.
### toArray
value: `() => any[]`
Returns an array with the current set of scopes.
### SessionParams
### [key: string]
value: `any`
### id
value: `string`
The unique identifier for the session.
### shop
value: `string`
The Shopify shop domain.
### state
value: `string`
The state of the session. Used for the OAuth authentication code flow.
### isOnline
value: `boolean`
Whether the access token in the session is online or offline.
### scope
value: `string`
The scopes for the access token.
### expires
value: `Date`
The date the access token expires.
### accessToken
value: `string`
The access token for the session.
### onlineAccessInfo
value: `OnlineAccessInfo | StoredOnlineAccessInfo`
Information on the user for the session. Only present for online sessions.
### StoredOnlineAccessInfo
Omit<OnlineAccessInfo, 'associated_user'> & {
associated_user: Partial<OnlineAccessUser>;
}
### AdminApiContext
### rest
value: `RestClientWithResources<Resources>`
Methods for interacting with the Shopify Admin REST API
There are methods for interacting with individual REST resources. You can also make `GET`, `POST`, `PUT` and `DELETE` requests should the REST resources not meet your needs.
### graphql
value: `GraphQLClient<AdminOperations>`
Methods for interacting with the Shopify Admin GraphQL API
### RestClientWithResources
RemixRestClient & {resources: Resources}
### RemixRestClient
### session
value: `Session`
### get
value: `(params: GetRequestParams) => Promise<Response>`
Performs a GET request on the given path.
### post
value: `(params: PostRequestParams) => Promise<Response>`
Performs a POST request on the given path.
### put
value: `(params: PostRequestParams) => Promise<Response>`
Performs a PUT request on the given path.
### delete
value: `(params: GetRequestParams) => Promise<Response>`
Performs a DELETE request on the given path.
### GetRequestParams
### path
value: `string`
The path to the resource, relative to the API version root.
### type
value: `DataType`
The type of data expected in the response.
### data
value: `string | Record<string, any>`
The request body.
### query
value: `SearchParams`
Query parameters to be sent with the request.
### extraHeaders
value: `HeaderParams`
Additional headers to be sent with the request.
### tries
value: `number`
The maximum number of times the request can be made if it fails with a throttling or server error.
### DataType
### JSON
value: `application/json`
### GraphQL
value: `application/graphql`
### URLEncoded
value: `application/x-www-form-urlencoded`
### HeaderParams
Headers to be sent with the request.
Record<string, string | number | string[]>
### PostRequestParams
GetRequestParams & {
data: Record<string, any> | string;
}
### GraphQLClient
#### Returns: interface Promise<T> {
/**
* Attaches callbacks for the resolution and/or rejection of the Promise.
* @param onfulfilled The callback to execute when the Promise is resolved.
* @param onrejected The callback to execute when the Promise is rejected.
* @returns A Promise for the completion of which ever callback is executed.
*/
then<TResult1 = T, TResult2 = never>(onfulfilled?: ((value: T) => TResult1 | PromiseLike<TResult1>) | undefined | null, onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | undefined | null): Promise<TResult1 | TResult2>;
/**
* Attaches a callback for only the rejection of the Promise.
* @param onrejected The callback to execute when the Promise is rejected.
* @returns A Promise for the completion of the callback.
*/
catch<TResult = never>(onrejected?: ((reason: any) => TResult | PromiseLike<TResult>) | undefined | null): Promise<T | TResult>;
}, interface Promise<T> {}, Promise: PromiseConstructor, interface Promise<T> {
readonly [Symbol.toStringTag]: string;
}, interface Promise<T> {
/**
* Attaches a callback that is invoked when the Promise is settled (fulfilled or rejected). The
* resolved value cannot be modified from the callback.
* @param onfinally The callback to execute when the Promise is settled (fulfilled or rejected).
* @returns A Promise for the completion of the callback.
*/
finally(onfinally?: (() => void) | undefined | null): Promise<T>;
}
#### Params:
- query: Operation extends keyof Operations
- options: GraphQLQueryOptions<Operation, Operations>
export type GraphQLClient<Operations extends AllOperations> = <
Operation extends keyof Operations,
>(
query: Operation,
options?: GraphQLQueryOptions<Operation, Operations>,
) => Promise<GraphQLResponse<Operation, Operations>>;
### GraphQLQueryOptions
### variables
value: `ApiClientRequestOptions<Operation, Operations>["variables"]`
The variables to pass to the operation.
### apiVersion
value: `ApiVersion`
The version of the API to use for the request.
### headers
value: `Record<string, any>`
Additional headers to include in the request.
### tries
value: `number`
The total number of times to try the request if it fails.
### ApiVersion
### October22
value: `2022-10`
### January23
value: `2023-01`
### April23
value: `2023-04`
### July23
value: `2023-07`
### October23
value: `2023-10`
### January24
value: `2024-01`
### April24
value: `2024-04`
### Unstable
value: `unstable`
### StorefrontContext
### graphql
value: `GraphQLClient<StorefrontOperations>`
Method for interacting with the Shopify Storefront GraphQL API
If you're getting incorrect type hints in the Shopify template, follow [these instructions](https://github.com/Shopify/shopify-app-template-remix/tree/main#incorrect-graphql-hints).
## Related
- [Admin API context](/docs/api/shopify-app-remix/apis/admin-api)
- [Storefront API context](/docs/api/shopify-app-remix/apis/storefront-api)
- [Liquid reference](/docs/api/liquid)
## Examples
[App proxies](/docs/apps/online-store/app-proxies) take requests to Shopify links, and redirect them to external links.
The `authenticate.public.appProxy` function validates requests made to app proxies, and returns a context to enable querying Shopify APIs.
> Note: If the store has not installed the app, store-related properties such as `admin` or `storefront` will be `undefined`
### session
### Using the session object
```typescript
import { json } from "@remix-run/node";
import { authenticate } from "../shopify.server";
import { getMyAppModelData } from "~/db/model.server";
export const loader = async ({ request }) => {
// Get the session for the shop that initiated the request to the app proxy.
const { session } =
await authenticate.public.appProxy(request);
// Use the session data to make to queries to your database or additional requests.
return json(
await getMyAppModelData({shop: session.shop})
);
};
```
### admin
### Interacting with the Admin API
```typescript
import { json } from "@remix-run/node";
import { authenticate } from "../shopify.server";
export async function action({ request }: ActionFunctionArgs) {
const { admin } = await authenticate.public.appProxy(request);
const response = await admin.graphql(
`#graphql
mutation populateProduct($input: ProductInput!) {
productCreate(input: $input) {
product {
id
}
}
}`,
{
variables: {
input: { title: "Product Name" }
}
}
);
const productData = await response.json();
return json({ data: productData.data });
}
```
### storefront
### Interacting with the Storefront API
```typescript
import { json } from "@remix-run/node";
import { authenticate } from "../shopify.server";
export async function action({ request }: ActionFunctionArgs) {
const { storefront } = await authenticate.public.appProxy(request);
const response = await storefront.graphql(
`#graphql
query blogIds {
blogs(first: 10) {
edges {
node {
id
}
}
}
}`
);
return json(await response.json());
}
```
### liquid
### Rendering liquid content
```typescript
import {authenticate} from "~/shopify.server"
export async function loader({ request }) {
const {liquid} = await authenticate.public.appProxy(request);
return liquid("Hello {{shop.name}}");
}
```
### Rendering liquid content without a layout
```typescript
import {authenticate} from "~/shopify.server"
export async function loader({ request }) {
const {liquid} = await authenticate.public.appProxy(request);
return liquid(
"Hello {{shop.name}}",
{ layout: false }
);
}
```
### Rendering a form in a Liquid response
```typescript
import { redirect } from "@remix-run/node";
import { authenticate } from "~/shopify.server";
export async function loader({ request }) {
const { liquid } = await authenticate.public.appProxy(request);
return liquid(`
<form method="post" action="/apps/proxy/my-action">
<input type="text" name="field" />
<button type="submit">Submit</button>
</form>
`);
}
export async function action({ request }) {
await authenticate.public.appProxy(request);
const formData = await request.formData();
const field = formData.get("field")?.toString();
// Perform actions here
if (field) {
console.log("Field:", field);
}
// Return to the form page
return redirect("/apps/proxy/my-action");
}
```