Thanks so much for the reply! This is what we did in the end. Although the headless approach needs so much customisation for any updates, we’re considering gong back to using a theme…
Topic summary
Headless Shopify storefront using native checkout faces abandoned-checkout email links that redirect to the password page due to a password-protected theme domain.
Context and issue:
- Storefront is headless; checkout uses Shopify’s native flow via API-generated URLs (mystore.shopify.com/cart/c/{id} → /checkouts/), which work.
- Klaviyo (email marketing) sends abandoned checkout emails using a Shopify-provided link (mystore.shopify.com/{id}/checkouts/ac/{...}). Because the theme is password protected, these links redirect to /password, blocking recovery.
Proposed workaround:
- Do not password protect the theme. Instead, add JavaScript in theme.liquid that immediately redirects any theme-rendered page to the custom storefront. Checkout is unaffected because theme.liquid isn’t loaded there.
Outcome:
- Original poster implemented the theme.liquid redirect solution, resolving the blocked abandoned-checkout links. They note the headless approach requires heavy customization and are considering returning to a theme.
Open question:
- It remains unanswered whether Shopify can change the URL Klaviyo receives to match the API checkout URL instead of the password-gated path.