Mandatory Webhooks in a multi tenant environment

AteFo
Visitor

Hi, 

As a Shopify partner we need to set up the mandatory webhooks. However, we have a multi-tenant setup with strongly separated data, where our customers own the data. So we don't really want shop-specific GDPR requests being handled by a central system.

Ideally, our app would register an endpoint per shop, and Shopify would communicate directly with this endpoint. This is a more private and more direct approach that fits better within the GDPR spirit. I assume most partner apps have a central profile store, so that is why the existing approach was chosen.

It feels like Shopify has not taken this use case into account. Is there any way we can avoid having to build a central system for handling the requests without having to create a partner app for each tenant (definitely a no-go)?

garyrgilbert
Shopify Partner

As a work-around you could put a router in front of it. The shop domain is in the GDPR webhook call, so you don't have to handle it at the central system but only redirect the call to the shop's endpoint. Which is probably along the lines of what you will end up doing anyway, because there may never come a day when that is implemented into the app setup 🙂

Cheers,

Gary

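
A sketch of the router described in the reply above, added here as an example and not code from either poster or from Shopify: it authenticates the call, reads only the shop domain, and hands the untouched body to the tenant's endpoint without storing or logging it. It assumes the payload carries a `shop_domain` field and the signature arrives in the `X-Shopify-Hmac-Sha256` header; the secret, the tenant mapping, the `forward` callable and the 400/404 responses are hypothetical choices made for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values; a real deployment loads these from its own config.
APP_SECRET = b"example-app-client-secret"
TENANT_ENDPOINTS = {  # hypothetical Store -> Tenant mapping
    "tenant-a.myshopify.com": "https://tenant-a.example.internal/shopify/compliance",
}


def sign(raw_body: bytes, secret: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw request body, as carried in the signature header."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()


def route_webhook(raw_body, hmac_header, forward, secret=APP_SECRET, endpoints=TENANT_ENDPOINTS):
    """Return an HTTP status for the caller; on success pass the body to `forward`."""
    # 1. Authenticate before parsing: HMAC over the raw bytes, constant-time compare.
    expected = sign(raw_body, secret).encode()
    if not hmac.compare_digest(expected, (hmac_header or "").encode()):
        return 401
    # 2. Read only the routing key; the rest of the payload is never inspected.
    try:
        shop_domain = json.loads(raw_body)["shop_domain"]
    except (ValueError, KeyError, TypeError):
        return 400
    # 3. Exact-match lookup, so the payload cannot steer the call to an arbitrary host.
    target = endpoints.get(shop_domain) if isinstance(shop_domain, str) else None
    if target is None:
        return 404
    # 4. Forward the original bytes and signature; nothing is stored or logged here.
    forward(target, raw_body, {"X-Shopify-Hmac-Sha256": hmac_header})
    return 200
```

Forwarding the original bytes together with the original signature lets the tenant endpoint repeat the HMAC check itself, provided it holds the app secret.
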
AteFo
Visitor

Yeah, we're evaluating something like that, but it's definitely not an ideal situation. We need to build a centralized service, collect Store->Tenant mappings, and then pass through potentially identifying behavior (email addresses, etc.) through this service. It can be done, as with most things in software engineering, but it's not a desirable state.

garyrgilbert
Shopify Partner

Sadly, in my experience a work-around is never ideal.