api key: a public unique identifier for your app.
shared secret: a secret shared between Shopify and your app, used for authentication.
Used by Shopify to sign webhooks and other requests.
access token: another secret!
But a new one is generated every time a new person installs your app.
What is a private API key?
The authentication method requires a public key (Consumer Key) and signature seeded with a Private Key. These two keys are associated with a user’s single API Key. Private Key – This is the Private key that will be used to generate the signature on both the client and server but will not be included in the request.
How do I secure my API key?
Securing an API key
- Do not embed API keys directly in code.
- Do not store API keys in files inside your application’s source tree.
- Set up application and API key restrictions.
- Delete unneeded API keys to minimize exposure to attacks.
- Regenerate your API keys periodically.
- Review your code before publicly releasing it.
Why do you need an API key?
That’s the reason we used API Key. The API key is a secret token that is used to identify the root of a request. Benefit of using an API key is basically for better customer support and capturing application usage data so that service developers know what services to keep, or make better.
What is API key name?
An application programming interface key (API key) is a unique code that is passed in to an API to identify the calling application or user. The API key often acts as both a unique identifier and a secret token for authentication, and generally has a set of access that is specific to the identity associated with it.