Admin App Bridge is for host UI; the Store API is for data. To call the Store API from an embedded app, exchange the launch (bridge) token for a short-lived, least-privilege session token (tast_) and send it as a bearer token.
bridge.getSessionToken(options?)#
Exchanges the bridge token for a Store API session token scoped to what your UI needs. The result is cached per scope-set and auto-refreshed 60 seconds before expiry, and concurrent calls for the same scopes de-dupe — so you can call it freely before each batch of API requests.
Option |
Type |
Default |
Meaning |
|---|---|---|---|
scopes |
string[] |
|
The scopes this token needs. Your app must have been granted them at install, or the call rejects naming the missing scope. |
force |
boolean |
|
Bypass the cache and force a fresh exchange. |
Resolves { token, scopes, expiresAt }. Use token as Authorization: Bearer <token>.
const { token } = await bridge.getSessionToken({ scopes: ["read_products"] });
const res = await fetch("https://api-store.tringify.com/api/2025-01/products", {
headers: { Authorization: "Bearer " + token },
});
const products = await res.json();
How the exchange works#
Under the hood, getSessionToken POSTs { bridge_token, scopes } to /api/2025-01/app-bridge/session/exchange. If the exchange fails because the bridge token lapsed (INVALID_TOKEN or HTTP 401), the SDK refreshes the bridge token once through the host and retries the exchange automatically. You normally never touch the bridge token directly.
bridge.refreshBridgeToken()#
Force a fresh launch (bridge) token from the host. Rarely needed directly — the SDK refreshes proactively before expiry and on a failed exchange — but exposed for apps that want to pre-warm.