Skip to content

shop3/strapi-plugin-shopify

Repository files navigation

Strapi Plugin Shopify

Build a Shopify application with Strapi.

Table Of Content

Requirements

Strapi v4 is required.

Installation

npm install --save strapi-plugin-shopify

Middlewares configuration

Webhooks are authenticated with HMAC calculated on the raw body, strapi::body middleware should be configured to pass the unparsed body as following:

{
  name: 'strapi::body',
  config: {
    includeUnparsed: true,
  },
},

If you want to serve an embedded app directly from Strapi you will find that default CSP policies will not allow to do that, strapi::security middleware should be configured as following (this configuration should be used only if you have problem with the embedded app iframe):

{
  name: 'strapi::security',
  config: {
    contentSecurityPolicy: {
      useDefaults: true,
      directives: {
        'frame-ancestors': null,
      },
    },
    frameguard: false,
  },
},

Shopify Configuration

The Shopify application should be configured as follow:

  • App URL should be set as https://your-domain.com/api/shopify
  • Allowed redirection URL(s) should have both
    • https://your-domain.com/api/shopify/install/callback
    • https://your-domain.com/api/shopify/auth/callback

Screenshot illustrating how to configure the Shopify application

Environment Variables

This plugin needs the following environment variables to work:

Variable Example Description
HOST_NAME shop3.app the host name of your app without the protocol (http or https)
SHOPIFY_API_KEY 553536bf79ee112525f63aaf25df59f8 the API key generated by Shopify
SHOPIFY_API_SECRET 687b73300b570bdbe53220d84a18e23d the API secret generated by Shopify
SHOPIFY_SCOPES read_locales,read_products the API scopes used by the application
SHOPIFY_APP_EMBEDDED true whether the app is an embedded app or not
SHOPIFY_REDIRECT_URL https://shop3.app/home the url where the user is redirect after authentication

Endpoints

This are the endpoints exposed by this plugin:

Method Path Description
GET /api/shopify the entry point of the application, it handles installation and authentication
POST /api/shopify/webhooks the default webhooks endpoint called by Shopify
GET /api/shopify/install the installation endpoint, should not be called directly, use /api/shopify instead
GET /api/shopify/install/callback the installation callback endpoint, should be called only by Shopify
GET /api/shopify/auth the authentication endpoint, should not be called directly, use /api/shopify instead
GET /api/shopify/auth/callback the authentication callback endpoint, should be called only by Shopify
POST /api/shopify/auth/logout the logout endpoint, should be called to delete the Shopify session
GET /api/shopify/shop this endpoint should be called to get the authenticated shop data
GET /api/shopify/plans this endpoint should be called to get available subscription plans
GET /api/shopify/subscription this endpoint should be called to get the shop subscription
POST /api/shopify/subscription this endpoint should be called to create a shop subscription