Shopify App
This gem builds Rails applications that can be embedded in the Shopify Admin.
Introduction
This gem includes a Rails engine, generators, modules, and mixins that help create Rails applications that work with Shopify APIs. The Shopify App Rails engine provides all the code required to implement OAuth with Shopify. The default Shopify App generator builds an app that can be embedded in the Shopify Admin and secures it with session tokens.
Requirements
To become a Shopify app developer, you will need a Shopify Partners account. Explore the Shopify dev docs to learn more about building Shopify apps.
This gem requires that you have the following credentials:
- Shopify API key: The API key app credential specified in your Shopify Partners dashboard.
- Shopify API secret: The API secret key app credential specified in your Shopify Partners dashboard.
Usage
- To get started, create a new Rails app:
rails new my_shopify_app
- Add the Shopify App gem to the app's Gemfile:
bundle add shopify_app
- You will need to provide several environment variables to the app. There are a variety of ways of doing this, but for a development environment we recommend the dotenv-rails gem. Create a .env file in the root of your Rails app to specify the full host and Shopify API credentials:
HOST=http://localhost:3000
SHOPIFY_API_KEY=<Your Shopify API key>
SHOPIFY_API_SECRET=<Your Shopify API secret>
- Run the default Shopify App generator to create an app that can be embedded in the Shopify Admin:
rails generate shopify_app
- Run a migration to create the necessary tables in your database:
rails db:migrate
- Run the app:
rails server
- Within Shopify Partners, navigate to your App, then App Setup, and configure the URLs, e.g.:
- App URL: http://localhost:3000/
- Allowed redirection URL(s): http://localhost:3000/auth/shopify/callback
Install the app by visiting the server's URL (e.g. http://localhost:3000) and specifying the subdomain of the shop where you want it installed.
After the app is installed, you're redirected to the embedded app.
This app implements OAuth 2.0 with Shopify to authenticate requests made to Shopify APIs. By default, this app is configured to use session tokens to authenticate merchants when embedded in the Shopify Admin.
See Generators for a complete list of generators available to Shopify App.
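What "secured with session tokens" involves, as an added example (not code from the shopify_app gem, which performs this validation for you): a session token is a JWT signed with HS256 using the Shopify API secret, with the API key as its audience. The module name SessionTokenCheck, the 10-second leeway and all sample values are assumptions constructed for illustration.

```ruby
require "openssl"
require "json"
require "uri"

# Added illustration, not shopify_app's implementation: validates a session
# token, i.e. an HS256 JWT signed with the app's Shopify API secret.
module SessionTokenCheck
  class Invalid < StandardError; end
  LEEWAY = 10 # seconds of tolerated clock skew (assumed value)

  def self.b64url(data)
    [data].pack("m0").tr("+/", "-_").delete("=")
  end

  def self.unb64url(text)
    padded = text + "=" * ((4 - text.length % 4) % 4)
    padded.tr("-_", "+/").unpack1("m0") # strict decode: ArgumentError on junk
  end

  # Builds a token from constructed claims so the verifier can be exercised offline.
  def self.sign(claims, secret, alg: "HS256")
    signed = [{ alg: alg, typ: "JWT" }, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
    "#{signed}.#{b64url(OpenSSL::HMAC.digest("SHA256", secret, signed))}"
  end

  def self.verify(token, api_key:, api_secret:, now: Time.now.to_i)
    parts = token.to_s.split(".", -1)
    raise Invalid, "malformed token" unless parts.length == 3
    head, body, sig = parts
    header = JSON.parse(unb64url(head))
    # Pin the algorithm: the token must not choose how it is verified.
    raise Invalid, "unexpected alg" unless header.is_a?(Hash) && header["alg"] == "HS256"
    expected = b64url(OpenSSL::HMAC.digest("SHA256", api_secret, "#{head}.#{body}"))
    raise Invalid, "bad signature" unless OpenSSL.secure_compare(expected, sig)
    claims = JSON.parse(unb64url(body))
    raise Invalid, "malformed claims" unless claims.is_a?(Hash)
    raise Invalid, "expired" if claims["exp"].to_i + LEEWAY < now
    raise Invalid, "not yet valid" if claims["nbf"].to_i - LEEWAY > now
    # aud must be this app's API key, or a token minted for another app would pass.
    raise Invalid, "wrong audience" unless claims["aud"] == api_key
    shop = URI(claims["dest"].to_s).host
    raise Invalid, "iss/dest mismatch" unless shop && shop == URI(claims["iss"].to_s).host
    claims
  rescue JSON::ParserError, ArgumentError, URI::InvalidURIError
    raise Invalid, "undecodable token"
  end
end
```

The claims are read only after the signature check passes, so nothing attacker-controlled in the payload influences the decision before it is authenticated.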
Documentation
You can find documentation on gem usage, concepts, mixins, installation, and more in /docs.
- Start with the Generators document to learn more about the generators this gem offers.
- Check out the Changelog for notes on the latest gem releases.
- See Troubleshooting for tips on common issues.
- If you are looking to upgrade your Shopify App version to a new major release, see Upgrading for important notes on breaking changes.
Overview
- Authentication
- Engine
- Controller Concerns
- Generators
- Sessions
- Handling changes in access scopes
- Testing
- Webhooks
- Content Security Policy
- Logging
Engine
Mounting the Shopify App Rails Engine provides the following routes. These routes are configured to help install your application on shops and implement OAuth.
Verb | Route | Action |
---|---|---|
GET | /login | Login |
POST | /login | Login |
GET | /auth/shopify/callback | OAuth redirect URI |
GET | /logout | Logout |
POST | /webhooks/:type | Webhook callback |
These routes are configurable. See the more detailed Engine documentation to learn how you can customize the login URL or mount the Shopify App Rails engine at nested routes.
To learn more about how this gem authenticates with Shopify, see Authentication.
New embedded app authorization strategy (Token Exchange)
[!TIP] If you are building an embedded app, we strongly recommend using Shopify managed installation with token exchange instead of the legacy authorization code grant flow.
We've introduced a new installation and authorization strategy for embedded apps that eliminates the redirects that were previously necessary. It replaces the existing installation and authorization code grant flow.
This is achieved by using Shopify managed installation to handle automatic app installations and scope updates, while utilizing token exchange to retrieve an access token for authenticated API access.
Enabling this new strategy in your app
- Enable Shopify managed installation by configuring your scopes through the Shopify CLI.
[!NOTE] Ensure you don't have use_legacy_install_flow = true in your shopify.app.toml configuration file. If use_legacy_install_flow is true, Shopify will not manage the installation process for your app. You should remove the use_legacy_install_flow line from your shopify.app.toml configuration file or set it to false.
- Enable the new auth strategy in your app's ShopifyApp configuration file.
# config/initializers/shopify_app.rb
ShopifyApp.configure do |config|
  # ...
  config.embedded_app = true
  config.new_embedded_auth_strategy = true

  # If your app is configured to use online sessions, you can enable session expiry date check so a new access token
  # is fetched automatically when the session expires.
  # See expiry date check docs: https://github.com/Shopify/shopify_app/blob/main/docs/shopify_app/sessions.md#expiry-date
  config.check_session_expiry_date = true
  # ...
end
- Handle special callback logic. If your app has overridden the OAuth CallbackController to run special tasks post authorization, you'll need to create and configure a custom PostAuthenticateTasks class to run these tasks after the token exchange. The original OAuth CallbackController will not be triggered anymore. See Post Authenticate Tasks documentation for more information.
- Enjoy a smoother and faster app installation process.
API Versioning
Shopify's API is versioned. With Shopify App v1.11.0, the included Shopify API gem allows developers to specify and update the Shopify API version they want their app or service to use. The Shopify API gem also surfaces warnings to Rails apps about deprecated endpoints, GraphQL fields and more.
See the Shopify API gem README for more information.