Upgrading Notes (OAuth and Embedded API)

Shopify Partner
25 0 7

Hats off to Shopify for making the Oauth upgrade process very easy. It only took a couple of hours to do the update. (Course, it's my fault for doing the upgrade at pretty much the last minute, heh.)

One thing to note for upgrades like these: making legacy systems work in tangent or hybrid is way better. Even a way to move back to the legacy method in case of oops is fine too. The reason why I waited until the last second to upgrade was because I was too afraid that I would take a one-way only update and seriously bork it up. It was fine, so it's a happy story in the end. But if you want developers to upgrade things faster, please provide a very safe method of converting rather than "all or nothing". As it is I waited until the last second because even if I screwed an update up, it would have broke anyway from deprecation.

So this really doesn't have much flavor on the OAuth update, since it's occurring tomorrow and I'm fine with it now. But I do see the same issues with the Embedded API: All or nothing. At least it's turn on or turn off. Ideally, I'd like to be able to do both! Let me slowly update my systems rather than have to do an all-in-one shot update.

Shopify Staff
Shopify Staff
93 0 15

You've raised some excellent points here and I can definitely see the logic in waiting until the last minute - I doubt I would have done any different. Going forward I imagine we'll be able to accommodate more of a transition period or even some sort of ability to test the waters. As you mentioned making these sort of switches to your app(s) is no small task and can have major implications!

We really appreciate the feedback and it will definitely be taken greater into account going forward


Shopify Expert
3937 16 325

I second the notion of having a better explanation of the reasoning behind the embedded API being a one-way switch. The reason is that I have an App that functions as an Embedded App. The API key is used to authenticate the App and all is well. Thing is that same API key is also used outside the embedded App itself to handle various tasks. 

I think it would be more clear for developers if there was an explanation about the implications what happens to an API key with/without the embedded setting. A nice diagram showing the valid states and uses of the API key.

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com