Hey Max,
Unfortunately there currently isn’t a way to verify access tokens on the server-side.
Since this is sensitive data I need to ensure the user is logged in before they’re able to access the data, and they should only be able to access their own data.
Is there something preventing you from using an authentication trigger that will fetch the user’s address data from the eCommerce Admin API and store it in their custom user data? This will ensure that the user has logged-in/registered and only they can access their own custom data.
e.g.
- User Logs-In/Registers
- Authentication Trigger fires for that specific user
- Use User data to fetch address from E-Commerce API
- Populate User’s data with address so that only that user can access it.