Authentication in a custom creator dashboard has two layers:
  1. Shopper/creator identity (usually Shopify customer account auth)
  2. Backend authorization to read/write creator + collab data
Use Shopify customer accounts for sign-in, then authorize all dashboard data actions through your backend proxy.
Customer logs in with Shopify account
-> Theme/extension gets authenticated customer context
-> Frontend sends request to your backend
-> Backend validates session + maps customer to creator/collab
-> Backend calls CreatorCommerce APIs
Why this is preferred:
  • No API secrets in the browser
  • Cleaner permission boundaries
  • Easier auditing and rate limiting
  • Safer handling of write operations (drop updates, profile edits, uploads)

Identity Bootstrap in UI

In customer-account pages, expose only minimal identity context:
{% if customer.email %}
  <div data-customer-email="{{ customer.email }}" style="display:none;"></div>
{% endif %}
Your JS can then read that value and call your backend. Treat it as a display hint only: the backend resolves identity from the validated session, never from this attribute, since anything in the DOM can be edited by the shopper.

Customer -> Creator Resolution

Resolve creator/collab server-side by trusted identity (email, customer ID, or both):
// Backend route example (Express)
const express = require('express');
const app = express();

app.get('/api/dashboard/collab', async (req, res) => {
  // Validate the browser session server-side; ignore any client-supplied email or ID
  const customer = await requireAuthenticatedCustomer(req);
  // Map the trusted identity (email, customer ID, or both) to the creator's collab
  const collab = await getCollabByCustomerIdentity(customer);
  res.json(collab);
});
Avoid resolving partner status by looping every creator metaobject in Liquid on each page view.

Token Strategy

If your backend calls CreatorCommerce APIs:
  • Keep CC keys/tokens server-side only
  • Use short-lived session auth between browser and your backend
  • Rotate secrets and log outbound API calls

Optional SSO Patterns

If you run a separate creator portal outside customer accounts:
  • SSO from your existing identity system
  • Magic-link entry flows
  • CC-issued auth flow where applicable
Still keep write operations proxy-based through your backend.

Session + Access Control Checklist

  • Enforce authenticated customer session on every dashboard endpoint
  • Verify customer is mapped to the collab/drop being modified
  • Reject cross-collab writes even if IDs are guessed
  • Rate-limit write routes (updateDrop, updateCollab, createDrop, enhancement updates)
  • Return normalized error payloads so the UI can show deterministic toasts
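As an added example (not code from this page or from CreatorCommerce), a framework-agnostic write handler that applies the checklist above together with the server-side resolution described under Customer -> Creator Resolution: session check, per-customer rate limit, collab ownership check, field whitelisting, and a normalized error payload. The session store, collab records, route path and WRITE_LIMIT are constructed stand-ins for your real stores and limits.

```javascript
// Constructed in-memory stand-ins for a session store and collab DB (assumption; use your real stores).
const SESSIONS = { 'sess-abc': { customerId: 'cust-1', email: 'ana@example.com' } };
const COLLABS = {
  'collab-10': { id: 'collab-10', customerId: 'cust-1', drops: { 'drop-100': { title: 'Spring' } } },
  'collab-20': { id: 'collab-20', customerId: 'cust-2', drops: { 'drop-200': { title: 'Fall' } } },
};
const WRITE_LIMIT = 5; // writes per customer per minute (constructed value)
const writeCounts = new Map();

// Normalized error payload: the UI keys its toasts off `error.code`, never off free text.
function error(status, code) {
  return { status, body: { ok: false, error: { code } } };
}

// Session check: only the opaque session cookie is trusted; a client-sent email or ID is ignored.
function requireAuthenticatedCustomer(req) {
  return SESSIONS[req.cookies && req.cookies.session] || null;
}

// Fixed-window counter keyed by customer; `now` is injectable so it can be tested deterministically.
function allowWrite(customerId, now) {
  const key = `${customerId}:${Math.floor(now / 60000)}`;
  const n = (writeCounts.get(key) || 0) + 1;
  writeCounts.set(key, n);
  return n <= WRITE_LIMIT;
}

// Ownership check: the collab must be mapped to the authenticated customer, not merely exist.
function getOwnedCollab(customer, collabId) {
  const collab = COLLABS[collabId];
  return collab && collab.customerId === customer.customerId ? collab : null;
}

// Handler for PATCH /api/dashboard/collabs/:collabId/drops/:dropId; returns { status, body }
// so an Express wrapper can do `res.status(r.status).json(r.body)`.
function updateDropHandler(req, now = Date.now()) {
  const customer = requireAuthenticatedCustomer(req);
  if (!customer) return error(401, 'UNAUTHENTICATED');
  if (!allowWrite(customer.customerId, now)) return error(429, 'RATE_LIMITED');
  const collab = getOwnedCollab(customer, req.params.collabId);
  // 404 rather than 403 for a non-owned collab, so a guessed ID does not confirm it exists.
  if (!collab) return error(404, 'NOT_FOUND');
  const drop = collab.drops[req.params.dropId];
  if (!drop) return error(404, 'NOT_FOUND');
  // Accept only the fields the dashboard may edit instead of merging the raw body.
  const title = req.body && req.body.title;
  if (typeof title !== 'string' || title.length === 0 || title.length > 120) return error(400, 'INVALID_TITLE');
  drop.title = title;
  return { status: 200, body: { ok: true, drop: { id: req.params.dropId, title } } };
}
```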