Connect to your users’ Shopify accounts.
You can find your Shopify application credentials by visiting your Shopify Partner Dashboard.
You’ll need the following information to set up your Shopify App with Paragon:
Paragon provides a redirect URL to send information to your Shopify app. To add the redirect URL to your Shopify app:
Log in to your Shopify Partner Dashboard and select your app.
Navigate to App setup > URLs > Allowed redirection URL(s)
Add your app’s Initial Redirect URL to “App URL”. While testing your integration, you can use your app’s root URL. Once you set up an Initial Redirect to go live, you will need to change this to the URL of your Initial Redirect.
Add your app’s Redirect Callback URL to “Allowed redirection URL(s)”. While testing your integration, you can use https://passport.useparagon.com/oauth
. Once you set up a Redirect Callback to go live, you will need to change this to the URL of your Redirect Callback.
Press the Save button at the top of the page to save your changes.
Note: You’ll need a Shopify application to connect your application to Paragon. Learn more about creating a Shopify application here.
Log in to your Shopify Partner Dashboard.
Click Apps on the sidebar.
Select your Shopify application.
In the Test your app section, press the Select store button.
Choose the development store you’d like to connect to.
Note: You’ll need to create a development store if you don’t already have one. Learn more about creating a Shopify development store here.
Select Shopify from the Integrations Catalog.
Under Integrations > Connected Integrations > Shopify > Settings, fill out your credentials from the end of Step 1 in their respective sections:
Press the purple “Save Changes” button to save your credentials.
Note: You should only add the scopes you’ve requested in your application page to Paragon.
Once your users have connected their Shopify account, you can use the Paragon SDK to access the Shopify API on behalf of connected users.
See the Shopify REST API documentation for their full API reference.
Any Shopify API endpoints can be accessed with the Paragon SDK as shown in this example.
Once your Shopify account is connected, you can add steps to perform the following actions:
When creating or updating records in Shopify, you can reference data from previous steps by typing {{
to invoke the variable menu.
Requirement for using Shopify triggers: Configuring triggers for Shopify events that involve customer data requires you as the Shopify app owner to request access to protected data. Navigate to Apps > Your App > API Access > Access Requests to request access before using the Paragon Shopify trigger. Learn more here.
Webhook triggers can be used to run workflows based on events in your users’ Shopify account. For example, you might want to trigger a workflow whenever new orders are created Shopify to sync your users’ Shopify orders to your application in real-time.
You can find the full list of Webhook Triggers for Shopify below:
Required for publishing: In order to list your app on the Shopify App Store, you must implement the following additional features in your integration:
For more information, see Shopify’s documentation on publishing requirements.
Your Shopify integration requires two types of pages hosted in your application to support an installation flow that begins in the Shopify App Store (i.e., a user searches the Shopify App Store for your published app and clicks Add app).
Here is an annotated version of the Shopify OAuth flow diagram outlining what pages you will need to implement:
The pages you will need to implement include:
shop
query parameter and redirect to Shopify’s OAuth flow.paragon.completeInstall
to save the user’s account connection.For an example implementation of the redirect pages using React (based on our Next.js sample app), see:
The Initial Redirect should be implemented as follows:
shop
. If the query parameter is present, redirect to the following URL to start the Shopify OAuth flow:SHOPIFY_CLIENT_ID
should match the Client ID that you use in your Shopify integration settings.REDIRECT_CALLBACK_URL
should be the URL of the Redirect Callback page in your app.SHOPIFY_SCOPES
should match the scopes that you use in your Shopify integration settings.The Redirect Callback should be implemented as follows:
Import the Paragon SDK and authenticate a user.
Accept and read query parameters, which will be:
code
and shop
in case of a successful installation
error
in case of an unsuccessful installation or denied consent
If the code
query parameter is present,
Read the shop
query parameter and capture the shop name in the pattern {shop}.myshopify.com
. See the regular expression used below.
Call paragon.completeInstall
to complete the OAuth exchange and save a new connected Shopify account.
If the error
query parameter is present,
Log in to your Shopify Partner Dashboard and select your app.
Navigate to App setup > URLs > Allowed redirection URL(s)
Set your App URL to your app’s Initial Redirect URL.
Add your app’s Redirect Callback URL to Allowed redirection URL(s).
Shopify requires you to subscribe to 3 privacy webhooks to request or erase personal data that your integration may store in your application.
Paragon’s Shopify integration allows you to subscribe and take action on these webhooks via workflows.
To get started, visit the Paragon dashboard and navigate to your Shopify integration.
Next, log in to Shopify Partners and navigate to Apps.
Next, create 3 workflows that listen for these triggers and take action on events received:
You can create new workflows in the Paragon dashboard, from the Overview tab of your Shopify integration and click Create Workflow.
For each of the new workflows you create, select a Shopify trigger and select one of the Shopify privacy webhook events as the Trigger Event:
Define the steps under the workflow to respond to the event type you selected.
From Shopify’s documentation, here is how you should handle each event type:
Customer data request: If your app has been granted access to customer or order data, then it will receive a data request webhook. The webhook contains the resource IDs of the customer data that you need to provide to the store owner. It’s your responsibility to provide this data to the store owner directly.
Customer data erasure: Shopify store owners can request that data is deleted on behalf of a customer. When this happens, Shopify sends a Customer Data Erasure event to the apps installed on that store so that you can erase any data for a certain customer of a store from your database.
Shop data erasure: 48 hours after a store owner uninstalls your app, Shopify sends a Shop Data Erasure event. This webhook provides the store’s shop_id
and shop_domain
so that you can erase data for that store from your database.
Example Implementation
Example implementation
Add a Request step under the Trigger to send the privacy event information to your API. We recommend including the following values in the request body for your reference:
{{1.result}}
: This is the full event payload received from Shopify. You will see an example of the event in your workflow Test Data. See Shopify’s documentation on event payloads for more details.{{userSettings.userId}}
: This is the User ID of the Connected User that received the event. You can use this ID to relate the event to a user in your application.Finally, configure your 3 workflows to be hidden from the Connect Portal and enabled by default:
Having both options on will mean that this workflow will run for all users of your Shopify integration, and users will not see or need to configure the workflow from your Connect Portal.
To test your privacy webhook implementation end-to-end:
Connect to your users’ Shopify accounts.
You can find your Shopify application credentials by visiting your Shopify Partner Dashboard.
You’ll need the following information to set up your Shopify App with Paragon:
Paragon provides a redirect URL to send information to your Shopify app. To add the redirect URL to your Shopify app:
Log in to your Shopify Partner Dashboard and select your app.
Navigate to App setup > URLs > Allowed redirection URL(s)
Add your app’s Initial Redirect URL to “App URL”. While testing your integration, you can use your app’s root URL. Once you set up an Initial Redirect to go live, you will need to change this to the URL of your Initial Redirect.
Add your app’s Redirect Callback URL to “Allowed redirection URL(s)”. While testing your integration, you can use https://passport.useparagon.com/oauth
. Once you set up a Redirect Callback to go live, you will need to change this to the URL of your Redirect Callback.
Press the Save button at the top of the page to save your changes.
Note: You’ll need a Shopify application to connect your application to Paragon. Learn more about creating a Shopify application here.
Log in to your Shopify Partner Dashboard.
Click Apps on the sidebar.
Select your Shopify application.
In the Test your app section, press the Select store button.
Choose the development store you’d like to connect to.
Note: You’ll need to create a development store if you don’t already have one. Learn more about creating a Shopify development store here.
Select Shopify from the Integrations Catalog.
Under Integrations > Connected Integrations > Shopify > Settings, fill out your credentials from the end of Step 1 in their respective sections:
Press the purple “Save Changes” button to save your credentials.
Note: You should only add the scopes you’ve requested in your application page to Paragon.
Once your users have connected their Shopify account, you can use the Paragon SDK to access the Shopify API on behalf of connected users.
See the Shopify REST API documentation for their full API reference.
Any Shopify API endpoints can be accessed with the Paragon SDK as shown in this example.
Once your Shopify account is connected, you can add steps to perform the following actions:
When creating or updating records in Shopify, you can reference data from previous steps by typing {{
to invoke the variable menu.
Requirement for using Shopify triggers: Configuring triggers for Shopify events that involve customer data requires you as the Shopify app owner to request access to protected data. Navigate to Apps > Your App > API Access > Access Requests to request access before using the Paragon Shopify trigger. Learn more here.
Webhook triggers can be used to run workflows based on events in your users’ Shopify account. For example, you might want to trigger a workflow whenever new orders are created Shopify to sync your users’ Shopify orders to your application in real-time.
You can find the full list of Webhook Triggers for Shopify below:
Required for publishing: In order to list your app on the Shopify App Store, you must implement the following additional features in your integration:
For more information, see Shopify’s documentation on publishing requirements.
Your Shopify integration requires two types of pages hosted in your application to support an installation flow that begins in the Shopify App Store (i.e., a user searches the Shopify App Store for your published app and clicks Add app).
Here is an annotated version of the Shopify OAuth flow diagram outlining what pages you will need to implement:
The pages you will need to implement include:
shop
query parameter and redirect to Shopify’s OAuth flow.paragon.completeInstall
to save the user’s account connection.For an example implementation of the redirect pages using React (based on our Next.js sample app), see:
The Initial Redirect should be implemented as follows:
shop
. If the query parameter is present, redirect to the following URL to start the Shopify OAuth flow:SHOPIFY_CLIENT_ID
should match the Client ID that you use in your Shopify integration settings.REDIRECT_CALLBACK_URL
should be the URL of the Redirect Callback page in your app.SHOPIFY_SCOPES
should match the scopes that you use in your Shopify integration settings.The Redirect Callback should be implemented as follows:
Import the Paragon SDK and authenticate a user.
Accept and read query parameters, which will be:
code
and shop
in case of a successful installation
error
in case of an unsuccessful installation or denied consent
If the code
query parameter is present,
Read the shop
query parameter and capture the shop name in the pattern {shop}.myshopify.com
. See the regular expression used below.
Call paragon.completeInstall
to complete the OAuth exchange and save a new connected Shopify account.
If the error
query parameter is present,
Log in to your Shopify Partner Dashboard and select your app.
Navigate to App setup > URLs > Allowed redirection URL(s)
Set your App URL to your app’s Initial Redirect URL.
Add your app’s Redirect Callback URL to Allowed redirection URL(s).
Shopify requires you to subscribe to 3 privacy webhooks to request or erase personal data that your integration may store in your application.
Paragon’s Shopify integration allows you to subscribe and take action on these webhooks via workflows.
To get started, visit the Paragon dashboard and navigate to your Shopify integration.
Next, log in to Shopify Partners and navigate to Apps.
Next, create 3 workflows that listen for these triggers and take action on events received:
You can create new workflows in the Paragon dashboard, from the Overview tab of your Shopify integration and click Create Workflow.
For each of the new workflows you create, select a Shopify trigger and select one of the Shopify privacy webhook events as the Trigger Event:
Define the steps under the workflow to respond to the event type you selected.
From Shopify’s documentation, here is how you should handle each event type:
Customer data request: If your app has been granted access to customer or order data, then it will receive a data request webhook. The webhook contains the resource IDs of the customer data that you need to provide to the store owner. It’s your responsibility to provide this data to the store owner directly.
Customer data erasure: Shopify store owners can request that data is deleted on behalf of a customer. When this happens, Shopify sends a Customer Data Erasure event to the apps installed on that store so that you can erase any data for a certain customer of a store from your database.
Shop data erasure: 48 hours after a store owner uninstalls your app, Shopify sends a Shop Data Erasure event. This webhook provides the store’s shop_id
and shop_domain
so that you can erase data for that store from your database.
Example Implementation
Example implementation
Add a Request step under the Trigger to send the privacy event information to your API. We recommend including the following values in the request body for your reference:
{{1.result}}
: This is the full event payload received from Shopify. You will see an example of the event in your workflow Test Data. See Shopify’s documentation on event payloads for more details.{{userSettings.userId}}
: This is the User ID of the Connected User that received the event. You can use this ID to relate the event to a user in your application.Finally, configure your 3 workflows to be hidden from the Connect Portal and enabled by default:
Having both options on will mean that this workflow will run for all users of your Shopify integration, and users will not see or need to configure the workflow from your Connect Portal.
To test your privacy webhook implementation end-to-end: