Focuses on API authentication, access scopes, and permission management.
Two related questions about app installs while our app is in development.
Q1. Our app has not been approved yet and so we don't have an app URL to redirect a merchant to. Without a URL, test merchants can't install our app. We used Shopify's buildAuthUrl API, but that API requires a shop name. Unfortunately, our app approval team contact says it is against Shopify policies to ask a merchant for their shop name. How do apps, while in development, direct merchants to their install page?
Q2. If a merchant does install our app without an account on our platform, we save the merchant's email. However, if the same merchant uses a different email on our platform than the one they use on Shopify, we cannot link their account to their auth token. How do apps link a new merchant to their auth tokens, if the email they use on Shopify and on your platform aren't the same?
Hey @baldisheagle
A1. While your app is in the development stage, it can only be installed on development stores before it gets approved. You can create a development store and then install your app on it by using the 'Test your app' section on the app's overview page within the Partner Dashboard.
A2. The best practice would be to retain and map the merchant via their shop URL. Let me know if I'm not understanding your question.
Scott | Developer Advocate @ Shopify
hey @SBD_
Thanks for your response.
A1. We have our own development stores. This situation is currently for our app approval team. They cannot approve our app unless we direct the merchant to our app's install page. But we can't have an install page unless it is approved. We are going in circles and we can't find a way around it.
A2. We retain the shop URL and their email once they complete the OAuth flow from Shopify. However, when they create an account on our platform, how do we know which URL is theirs? E.g. if their shop URL is say abc.myshopify.com and merchant email on Shopify is say def@email.com, and they login on our platform with say ghi@email.com, how does our platform know abc.myshopify.com belongs to the same merchant? If they use the exact same email def@email.com as their account email on our plaform, then we can, but if they decide not to, then we're stuck. Are we missing something? Do we need to require our merchant users to use the same email they use on Shopify as they use on our platform? How have other developers resolved this condition?
Hey @baldisheagle
To keep track of merchant:account you'd need to have the customer login/register on your side and then kick off the oAuth flow on Shopify. That way when they complete the flow you know who they are and could tie their Shopify store/token to a customer ID.
Scott | Developer Advocate @ Shopify
That workflow works fine. These questions are for when a merchant installs our Shopify app from within Shopify's AppStore without having created an account on our platform.
Hey @baldisheagle
When they're logged into the app, you'll have access to the Shop ID. You could pass this along to your registration form. Be sure to secure the ID so it can't be tampered with.
Scott | Developer Advocate @ Shopify
Are you able to resolve A1? If yes, how did you get around it?