Build a Shopify application with Strapi.
- Requirements
- Installation
- Middlewares Configuration
- Shopify Configuration
- Environment Variables
- Endpoints
Strapi v4 is required.
npm install --save strapi-plugin-shopify
Webhooks are authenticated with HMAC calculated on the raw body, strapi::body
middleware should be configured to pass the unparsed body as following:
{
name: 'strapi::body',
config: {
includeUnparsed: true,
},
},
If you want to serve an embedded app directly from Strapi you will find that default CSP policies will not allow to do that, strapi::security
middleware should be configured as following (this configuration should be used only if you have problem with the embedded app iframe):
{
name: 'strapi::security',
config: {
contentSecurityPolicy: {
useDefaults: true,
directives: {
'frame-ancestors': null,
},
},
frameguard: false,
},
},
The Shopify application should be configured as follow:
- App URL should be set as
https://your-domain.com/api/shopify
- Allowed redirection URL(s) should have both
https://your-domain.com/api/shopify/install/callback
https://your-domain.com/api/shopify/auth/callback
This plugin needs the following environment variables to work:
Variable | Example | Description |
---|---|---|
HOST_NAME | shop3.app |
the host name of your app without the protocol (http or https) |
SHOPIFY_API_KEY | 553536bf79ee112525f63aaf25df59f8 |
the API key generated by Shopify |
SHOPIFY_API_SECRET | 687b73300b570bdbe53220d84a18e23d |
the API secret generated by Shopify |
SHOPIFY_SCOPES | read_locales,read_products |
the API scopes used by the application |
SHOPIFY_APP_EMBEDDED | true |
whether the app is an embedded app or not |
SHOPIFY_REDIRECT_URL | https://shop3.app/home |
the url where the user is redirect after authentication |
This are the endpoints exposed by this plugin:
Method | Path | Description |
---|---|---|
GET | /api/shopify | the entry point of the application, it handles installation and authentication |
POST | /api/shopify/webhooks | the default webhooks endpoint called by Shopify |
GET | /api/shopify/install | the installation endpoint, should not be called directly, use /api/shopify instead |
GET | /api/shopify/install/callback | the installation callback endpoint, should be called only by Shopify |
GET | /api/shopify/auth | the authentication endpoint, should not be called directly, use /api/shopify instead |
GET | /api/shopify/auth/callback | the authentication callback endpoint, should be called only by Shopify |
POST | /api/shopify/auth/logout | the logout endpoint, should be called to delete the Shopify session |
GET | /api/shopify/shop | this endpoint should be called to get the authenticated shop data |
GET | /api/shopify/plans | this endpoint should be called to get available subscription plans |
GET | /api/shopify/subscription | this endpoint should be called to get the shop subscription |
POST | /api/shopify/subscription | this endpoint should be called to create a shop subscription |