As noted in Authentication, all requests to the Submarine GraphQL API require an access token to be passed as a Bearer token in the Authorization header.
When you’re making requests on behalf of a store or merchant, you can use the channel token available from the Submarine Admin UI under “Settings”.
When building a customer-facing experience (for example, a Customer Portal), you need a token scoped to access only the resources the specific customer should have access to. Your front end therefore needs to obtain a short-lived customer token from Submarine before making requests to the Submarine GraphQL API.
These tokens can be obtained from one of two endpoints, depending on where you are building your front end experience.
Customer tokens for themes and classic customer accounts
If you’re building functionality into a Shopify theme (including customer portals built into classic customer accounts), you can obtain a token by making a GET request to:
/apps/platform/tokens
This is an application proxy route, so the request can (and should) be made against the domain hosting your theme. For example, if customers are viewing their portal at https://www.acmecorp.com/account, you can obtain a token from https://www.acmecorp.com/apps/platform/tokens.
If the customer is validly logged in to their Shopify account, the token will be returned as a plain text string that you can cache locally and use to make requests to the Submarine GraphQL API.
Customer tokens are short-lived by design, so it’s common practice to obtain a new token for each request, or build in an expiration check to get a new token as needed.
If you’re using Submarine’s Porthole framework, our API client obtains a token for you when required; you can see how it does this on GitHub.
Be aware that application proxy pages often have issues with Shopify stores that are hidden behind a password. If you’re properly logged in and still not able to obtain a token, double check your theme password settings.
Customer tokens for new customer accounts
Because customer-facing pages in new customer accounts are hosted on a different domain to the primary Shopify theme, and use Customer Account UI Extensions for custom UI elements, they require a different method of verifying the logged-in state of the customer in order to obtain a token.
To get a token for use with a Customer Account UI Extension, make a GET request to:
https://embedded.submarineplatform.com/extensions/tokens
To verify that the request is coming from a logged-in customer account, you must pass a customer session token in the Authorization header of your token request. If we verify your request, a Submarine token will be returned in plain text that can be used in the same way as described above.
If you’re building your own Customer Account UI Extension, you will need to provide the Submarine support team with API credentials for your extension application so that we can properly verify the tokens passed to us.
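The expiration check mentioned for theme tokens, and the session-token header required for new customer accounts, can share one client-side helper. The following is an added example, not code from Submarine or Porthole. The 60-second lifetime, the refresh margin, and all function and parameter names are assumptions, and the format of the Authorization value for the extensions endpoint is left to the caller-supplied `getAuthHeader`.

```javascript
// Added example: in-memory cache for short-lived Submarine customer tokens.
// ASSUMPTIONS (not from the Submarine docs): the 60-second lifetime, the
// 10-second refresh margin, and every function and parameter name below.
const ASSUMED_TOKEN_TTL_MS = 60_000;
const REFRESH_MARGIN_MS = 10_000;

function createTokenProvider({ tokenUrl, getAuthHeader = null, fetchImpl = fetch,
                               now = Date.now, ttlMs = ASSUMED_TOKEN_TTL_MS }) {
  let cached = null;   // { token, expiresAt }; held in memory only, not in localStorage
  let inFlight = null; // shared promise so concurrent callers trigger one request

  async function requestToken() {
    const headers = {};
    // New customer accounts: the caller supplies the Authorization value that
    // carries the customer session token. Theme requests send no extra header.
    if (getAuthHeader) headers.Authorization = await getAuthHeader();
    const res = await fetchImpl(tokenUrl, { method: "GET", headers });
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const token = (await res.text()).trim();
    // Never cache a non-token body (for example an HTML page) as a credential.
    if (!token || /[\s<]/.test(token)) throw new Error("response is not a token");
    cached = { token, expiresAt: now() + ttlMs };
    return token;
  }

  async function getToken({ forceRefresh = false } = {}) {
    if (!forceRefresh && cached && now() < cached.expiresAt - REFRESH_MARGIN_MS) {
      return cached.token;
    }
    inFlight ??= requestToken().finally(() => { inFlight = null; });
    return inFlight;
  }

  // Header set for a Submarine GraphQL API request.
  const authHeaders = async () => ({ Authorization: `Bearer ${await getToken()}` });

  return { getToken, authHeaders };
}

// Theme or classic customer accounts (application proxy route on the store domain):
//   createTokenProvider({ tokenUrl: "/apps/platform/tokens" })
// Customer Account UI Extension (getAuthHeader is a hypothetical callback):
//   createTokenProvider({
//     tokenUrl: "https://embedded.submarineplatform.com/extensions/tokens",
//     getAuthHeader,
//   })
```

If the GraphQL API rejects a cached token, call `getToken({ forceRefresh: true })` once and retry the request.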