Authenticate requests between an extension and an app's backend server

App Bridge Admin apps use session tokens to authenticate requests between the extension and your app's backend server. Session tokens are secure packets of data about a merchant session in the Shopify Admin, similar to cookies. A session token provides the information required to validate that a request is coming from Shopify, and also provides the IDs of the user and shop. Learn more about session tokens.

This tutorial describes how to authenticate requests between your extension and your app's backend server using session tokens.