How Can I Prevent Scraping of products.json on My Shopify Store?

Technical Q&A
1

Hello Shopify Community,

I am reaching out to find effective solutions for preventing unauthorized scraping of my Shopify store’s products JSON file. I’ve noticed that my competitors can easily run Shopify scrapers available on Chrome to gather my product data and create ready-to-upload Shopify CSV files.

For example, accessing my products can be done via https://www.my-store-name.com/products.json, which exposes detailed product information that competitors could easily use to their advantage. This includes product names, prices, descriptions, and availability, which can undermine my competitive edge.

Concerns1. Public Accessibility:

  • Why does Shopify keep the products JSON file publicly accessible? What is the rationale behind this design decision, and what are the potential benefits for merchants?

  1. Consequences of Blocking Access:

    • If I manage to block access to this file, what impact could it have on my store? Would it affect the functionality of my store, such as API integrations or third-party apps relying on this data?

Request for Solutions

I would greatly appreciate any recommendations or methods you’ve used to protect your product data from scraping. Have you implemented any specific strategies, such as modifying theme code, using bot protection apps, or creating custom API access? Any insights or experiences would be incredibly helpful.

Thank you!

2

Hey,

I’ve taken a quick look, and it appears that there is no straightforward way to hide the products.json file, as it is used to facilitate various integrations and functionalities, allowing apps and third-party services to access product information easily.

I experimented to see if you could set up a redirect using something like the code below in your theme files, but it doesn’t seem to work. I wouldn’t know the implications if it did! It could be a starting point for you though?

{% if request.path contains ‘products.json’ %}

{% endif %}

Blocking access to this file could disrupt the functionality of some apps and services that rely on this data, so it’s worth considering that.

As an alternative, you might explore using bot protection apps (which are often expensive, and of course won’t stop individuals) or monitoring your traffic to identify unusual patterns.

Sorry I can’t be of more assistance!