0
votes

I have an app on the Shopify marketplace.

Once a client installs my app on his Shopify account, I save the store access_token in order to make API calls later.

The problem is that the client uninstalls my app and then installs the app again, but his store access_token remains the same (I am not producing a new access_token during the second install, because the client already exists in my database).

How can I generate a new Shopify store access token through Shopify API CALL?

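function getAccessToken($shop, $apiKey, $secret, $code) {
  // Parameters for exchanging the OAuth authorization code for a token
  $query = array(
    'client_id' => $apiKey,
    'client_secret' => $secret,
    'code' => $code
  );

  // Build access token URL
  $access_token_url = "https://{$shop}/admin/oauth/access_token";

  // Configure curl client and execute request
  $curl = curl_init();
  $curlOptions = array(
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_URL => $access_token_url,
    CURLOPT_POST => TRUE,
    CURLOPT_POSTFIELDS => http_build_query($query)
  );
  curl_setopt_array($curl, $curlOptions);
  $response = curl_exec($curl);
  curl_close($curl);

  // curl_exec() returns FALSE on a transport error
  if ($response === FALSE) {
    return NULL;
  }

  // Return NULL instead of reading a missing key when the body is an error
  $jsonResponse = json_decode($response, TRUE);
  return isset($jsonResponse['access_token']) ? $jsonResponse['access_token'] : NULL;
}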

1 Answers

2
votes

I think you are asking the wrong question here.

You shouldn't ask how to create an access token again, but rather how to clear your database of any information regarding the store on uninstall.

Once a user uninstalls your app, you should clear any information about his store, or there will be problems in the long run in case someone is able to inject malicious code and get access to your database entries. And in the case of sensitive information this may result in legal issues for you, all things you don't want to dip your feet in.

Shopify has a webhook that fires each time an app is uninstalled, called app/uninstalled. You should listen for that webhook and clear your database of all of the store data.

This fix will make your app more secure (in the sense that you don't keep old stores), more client friendly, and it will fix your initial problem, since there will be no store in your database when the user installs the app again.
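
The uninstall cleanup described in the answer above, as an added example that is not part of the original question or answer: a handler for the app/uninstalled webhook that checks Shopify's X-Shopify-Hmac-Sha256 signature before deleting the store row. The `shops` table, the PDO handle, the function names and the sample secret and body are assumptions made for the demo.

```php
<?php
// Added example: handler for Shopify's app/uninstalled webhook.
// Assumptions (not from the original post): a PDO handle and a table
// `shops(shop_domain, access_token)`; the function names are hypothetical.

// Shopify signs the raw request body with the app's client secret
// (HMAC-SHA256, base64) and sends the result in X-Shopify-Hmac-Sha256.
function isValidShopifyWebhook(string $rawBody, string $hmacHeader, string $secret): bool {
  $expected = base64_encode(hash_hmac('sha256', $rawBody, $secret, true));
  return hash_equals($expected, $hmacHeader); // constant-time comparison
}

// Returns the HTTP status code to send back to Shopify.
function handleUninstallWebhook(PDO $db, array $headers, string $rawBody, string $secret): int {
  $hmac  = $headers['X-Shopify-Hmac-Sha256'] ?? '';
  $topic = $headers['X-Shopify-Topic'] ?? '';
  $shop  = $headers['X-Shopify-Shop-Domain'] ?? '';

  if (!isValidShopifyWebhook($rawBody, $hmac, $secret)) {
    return 401; // unsigned or forged request: delete nothing
  }
  if ($topic !== 'app/uninstalled' || !preg_match('/^[a-z0-9][a-z0-9-]*\.myshopify\.com$/', $shop)) {
    return 400;
  }
  // Remove the stored token so a reinstall goes through getAccessToken() again
  $stmt = $db->prepare('DELETE FROM shops WHERE shop_domain = :shop');
  $stmt->execute([':shop' => $shop]);
  return 200;
}

// Constructed demo: in-memory SQLite and a locally signed request
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shops (shop_domain TEXT PRIMARY KEY, access_token TEXT)');
$db->exec("INSERT INTO shops VALUES ('example-store.myshopify.com', 'placeholder-token')");

$secret = 'constructed-app-secret';
$body = '{"id":1,"domain":"example-store.myshopify.com"}';
$headers = [
  'X-Shopify-Topic' => 'app/uninstalled',
  'X-Shopify-Shop-Domain' => 'example-store.myshopify.com',
  'X-Shopify-Hmac-Sha256' => base64_encode(hash_hmac('sha256', $body, $secret, true)),
];

$forged = array_merge($headers, ['X-Shopify-Hmac-Sha256' => 'AAAA']);
var_dump(handleUninstallWebhook($db, $forged, $body, $secret));  // forged signature
var_dump(handleUninstallWebhook($db, $headers, $body, $secret)); // valid signature
var_dump((int) $db->query('SELECT COUNT(*) FROM shops')->fetchColumn());
```

In a deployed endpoint the body must be read unparsed with `file_get_contents('php://input')` and the headers taken from the request, because the signature covers the exact bytes Shopify sent.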