App FAQ: Storefront SaaS connection from app-script or client browser

[DirkPersky]

What kind of question do you have about the app system?

App Scripting Advanced

Describe your question or feedback

Hello,

Is there a way to communicate with my SaaS Server from an app-script?

OR

Is there a "pass through" (storefront) to a Shop-Endpoint where i can reach my SaaS?

Why:

Becouse an direkt comunikation out of the Client Browser from the Shop Customer coud be an GDPR issue.
If the Shop-Owner dosn't add an hint to his data privacy.

Aswell you need to prepare a lot to get all informations for the SaaS to know which Shop is calling.

[keulinho]

We recently added a feature to the app system that makes exactly that easier. Refer to the official docs here. With that, you'll get a JWT token with all the shop specific (e.g. shop ID) and also context specific (e.g. sales channel id, etc) information. This JWT token allows securely communicating from the client directly to your SaaS backend.

Regarding GDPR and data privacy, you should use the privacyPolicyExtensions element in the meta-section of your Apps manifest to describe exactly what the merchant has to add to their privacy policy. Refer to the docs for an example.

[DirkPersky]

He.,

I don't know if it's a "bug" or a "feature".

Every time something changes at the checkout (e.g. PaymentMethod)
We need to “reset()” the AppClient since the AppToken has not been updated.

Since it contains the payment and shipping method, we are forced to do it.

This should be added to the documentation.