Focuses on API authentication, access scopes, and permission management.
My app uses the Remix template.
I want my Shopify app to be only installable by a certain merchant. I already set the distribution method to "custom distribution" within the partner dashboard.
If someone opens the domain on which my app is running in the browser, this person can install the app on his own Shopify shopp. This is unexpected behavior, since I specified within the Shopify partner dashboard that only a specific shop should be allowed to install my app.
I suppose the problem is that the Shopify config file shopify.server.ts needs to be adjusted. Setting `distribution:` to `AppDistribution.SingleMerchant` doesnt help. I didn't found any documentation on shopify.dev that could help me.
My shopify.server.ts looks like this (no changes on the default file except setting distribution to AppDistribution.SingleMerchant):
const shopify = shopifyApp({ apiKey: process.env.SHOPIFY_API_KEY, apiSecretKey: process.env.SHOPIFY_API_SECRET || "", apiVersion: LATEST_API_VERSION, scopes: process.env.SCOPES?.split(","), appUrl: process.env.SHOPIFY_APP_URL || "", authPathPrefix: "/auth", sessionStorage: new PrismaSessionStorage(prisma), distribution: AppDistribution.SingleMerchant, restResources, webhooks: { APP_UNINSTALLED: { deliveryMethod: DeliveryMethod.Http, callbackUrl: "/webhooks", }, }, hooks: { afterAuth: async ({ session }) => { shopify.registerWebhooks({ session }); }, }, future: { v3_webhookAdminContext: true, v3_authenticatePublic: true, unstable_newEmbeddedAuthStrategy: true, }, ...(process.env.SHOP_CUSTOM_DOMAIN ? { customShopDomains: [process.env.SHOP_CUSTOM_DOMAIN] } : {}), });
Can I adjust within the Remix template the code that allows a merchant to install the app?
Please help me by providing a step by step instructions on the changes I need to carry out.
Also, please adjust the docs on shopify.dev to cover how to configure a custom app properly.