Authorization
When an app needs to access merchant store data, it must first obtain authorization from the merchant. Because embedded apps run within an iframe, traditional server-side redirects will cause the authorization page to load inside the nested frame. This often results in rendering or loading issues.
Therefore, it is strongly recommended to use the OAuth method provided by App Bridge to initiate the authorization request on the frontend. This method opens the authorization page in the parent window, avoiding iframe nesting problems.
Usage
When a merchant installs the app, run the following code to redirect the merchant to the SHOPLINE authorization page:
import Client, { Oauth, shared } from '@shoplineos/app-bridge';
const appKey = 'your-app-key', // appKey
// Initialize App Bridge.
const app = Client.createApp({
appKey,
host: shared.getHost(),
});
// Initiate an authorization request.
Oauth.create(app).invoke({
scope: 'read_products,read_orders', // Requested permissions
appKey,
redirectUri: 'https://your-app.com/callback', // Authorization callback URL
});
Parameters
| Parameter | Type | Description | Required |
|---|---|---|---|
| scope | string | Permission scope. Use , to separate multiple permissions, for example, read_products,read_orders. For the complete permission list, refer to Access scope. | Yes |
| appKey | string | The unique identifier of the app. It must be the same as the appKey parameter used during initialization. | Yes |
| redirectUri | string | The URL to redirect to after the merchant authorizes the app. It must be the same as one of the app callback URLs configured in the Partner Portal. | Yes |
Authorization flow
- App installation: The merchant installs the app from the SHOPLINE App Store.
- Redirect to the app: SHOPLINE accesses the configured app URL, appending parameters like
handle,timestamp,appKey, andsign. - Authorization check: The app checks if the current store has completed authorization.
- Initiating authorization: If authorization is required, call the
Oauth.create(app).invoke()method. - Confirming authorization: SHOPLINE opens the authorization page in the parent window for the merchant to confirm.
- Callback to the app: Upon successful authorization, SHOPLINE redirects to the configured
redirectUri.
TIP
For the complete OAuth authorization flow, refer to App authorization.
Was this article helpful to you?
'%3e%3crect%20x='6'%20y='7.13049'%20width='13'%20height='10'%20rx='1'%20fill='black'/%3e%3cpath%20d='M12.4998%2012.936L-3.65042%200.604835L28.65%200.604838L12.4998%2012.936Z'%20stroke='white'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_716_14611'%3e%3crect%20x='6'%20y='7.13049'%20width='13'%20height='10'%20rx='1'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3crect%20x='5.63086'%20y='7.26086'%20width='13'%20height='10'%20rx='1'%20fill='white'/%3e%3cpath%20d='M12.1306%2013.0664L-4.01956%200.735206L28.2809%200.735209L12.1306%2013.0664Z'%20stroke='%231A2C42'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_716_14599'%3e%3crect%20x='5.63086'%20y='7.26086'%20width='13'%20height='10'%20rx='1'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)