Getting the shopify url when creating a RecurringAppSubscription for App with GraphQL

Natashz
Tourist
7 0 12

Hello, 

We successfully created an AppSubscription.

However, since Shopify only appends the charge id to the returnUrl we created the AppSubscription with, we have to somehow append the shopUrl to the URL so that we could save it and later query for the subscription info based on the chargeId. (Since working with GraphQL Admin Api requires the Shopify URL as part of the Root URL)

My question has two parts then:

1. Is there a way to pass the shop URL along with the charge id in the return URL?

2. Is there a way to query Shopify only with the charge id and out Shopify App Key? (since the charge is connected to our app it seems like there should be a way to do so but I can't seem to find whether in fact it is possible and how)

 

Your help is highly appreciated!

policenauts1
Trailblazer
173 13 33

I am working on the same thing right now and in my testing the answer is yes, when you write your GraphQL mutation to create the app subscription you just dynamically append that shop's URL as long as you have it on the server side during that session (you should). After they pass confirmation_url, using their example, if in your GraphQL query you put 

"return_url": "http://super-duper.shopifyapps.com/?shop={shopOrigin}"

Then the actual url they are directed to is http://super-duper.shopifyapps.com/?charge_id={charge_id}&shop={shopOrigin}

Why do you need to query charge_id without any other key or token? Are you asking this based on your first question in the scenario where you can't tie the URL with the charge_id to a shop? 

 

 

Natashz
Tourist
7 0 12

0 Likes
AppUser17
New Member
6 0 0

@policenauts1 and @Natashz  - How are you verifying if the request is authentic ?

When I am creating a new App Subscription and redirecting user to accept the charges. What if user dont accept it instead make a request to the returnurl ?

other requests form shopify is coming with hmac and signature and we can verify the authenticity but for this one shopify is just returning charge_id in the return url. 

Please let me know if there is any way to get the hmac values. 

Thanks 

 

 

0 Likes
policenauts
Trailblazer
169 8 28

@AppUser17  Yeah, it's annoying and strange that Shopify doesn't provide that in this case, so you need to write custom logic just for when there's charge_id present in the url path (eg, make an exception). I can't find the thread, but what someone suggested doing is you store the query string for that particular merchant in your db (during the actual OAuth process) and then re-append it to the charge_id query string after they accept billing. This doesn't actually verify authenticity, but at least then it will pass hmac validation on your end (if you then strip out the charge_id). 

To your second question, what if the user doesn't accept charges - this is also kind of annoying because your app will be considered "installed" on their side after they authorize it (but before they approve the charge). So when a store hits your app, your logic should detect whether or not they have a valid billing plan. If they don't, you re-route them to the billing page (or back through OAuth + billing). 

0 Likes
Natashz
Tourist
7 0 12

@AppUser17 which request do you wish to verify? not sure I understood why in this scenario you need the hmac. When creating a subscription you receive from Shopify a confirmation URL that you should redirect to. This is specific to the merchant's shop so only a merchant with permissions to the relevant shop would be able to enter it.

After successful confirmation the merchant is redirected to your URL of choice with the charge Id which you can then query (using the specific shop and the credentials (which hopefully you have saved beforehand during install).

Could you elaborate on your usecase?

0 Likes