Private app configuration instructions​

By creating a private App through the store backend, you can:

• Streamline the process of integrating authorization logic and give merchants full control over the app.
• Add functionality within the SHOPLINE backend.
• Directly access store data using the SHOPLINE API.
• Extend your online store to other platforms using the Storefront API.

This distribution method is particularly suitable for scenarios that require extensive customization capabilities and have higher data management requirements.

Whether you develop the App internally or hire third-party developers to implement it, this approach can help you quickly obtain the capabilities you need.

Prerequisites​

• Distribution methods for SHOPLINE apps
• Familiarity with the App creation process for different distribution methods

How to Configure a Private App​

Step 1: Create the App​

1. Go to the "Apps" module in the app marketplace and click on "Develop an App" to access the management list for private apps.

2. Provide the following basic information for the app:

• App name: A unique identifier for recordkeeping and management purposes.
• App developer: The person or entity responsible for creating the app, facilitating merchant management and future maintenance.
• App contact email: An email address for communication and support purposes when users encounter issues.

Step 2: Configure Permission Scope​

1. Click on "Edit" in the app list to access the app configuration page.

2. Before installing and obtaining an access token, it is necessary to configure the allowed permissions for app access. The administration backend provides management capabilities for Rest Admin API, Webhook, and Storefront API.

3. Integration with Backend API

• Determines which interfaces the app can call to access and manipulate store backend data.
  • For example, selecting "Edit Product" allows the app to access the corresponding Rest Admin API related to "Edit Product". The relationship between interfaces and permissions can be found in the Scope Point List.

• It also supports managing events to be monitored in this module.
  • Select the desired event name to subscribe to.
  • Notification URL: When the store triggers this event, the platform will send the message to the provided address.
  • Event version: The platform will release a fixed API version every quarter, as described in the API Versioning Guide. When the subscribed event version is deprecated, the platform will return the content based on the current oldest version.

4. Integration with Storefront API

• Similar to configuring the Backend API, after checking the corresponding options, the app can invoke the interfaces with the corresponding permissions. The relationship between interfaces and permissions can also be referred to in the Scope Point List.

STEP 3 Install the App​

1. After setting up the permissions, switch to "API Credentials" and click "Install App" to establish the association between the store and the app.

STEP 4 Obtain Access Tokens​

1. After installing the app, the access tokens will be available. There are two types of access tokens depending on the permissions assigned:

• When Backend API permissions are assigned, an Access Token will be generated for requesting the Rest Admin API.
• When Storefront API permissions are assigned, a Storefront Token will be generated for requesting the Storefront API.

2. To ensure the security of the backend data, the Access Token requires authentication before accessing it. When viewing the backend API access token, the system will send a verification code to your login email. You need to enter the correct verification code to view and copy the Access Token.

Private app access​

1. After obtaining the access tokens, the app can use the tokens to call the APIs within the assigned permission scope.
2. PPrivate apps cannot utilize capabilities like App Bridge aand App Proxy as public apps do. They cannot be integrated into the SHOPLINE backend. Therefore, you need to prepare a separate app entry that can be accessed independently.
3. For usage restrictions regarding tokens, please refer to our Authorization Instructions document.

Management of private apps​

Modifying permission scope​

On the permission configuration page, you can modify the Backend API permissions and Storefront API permissions assigned to the app at any time.

• Changes to permissions do not require modifying the token.
• The platform automatically handles the accessible permission scope of the token.

Please note that removing a previously assigned permission from the app will affect its access to the corresponding interfaces. Therefore, when revoking a permission authorization, ensure that the app no longer requires that permission.

Modifying webhook event subscriptions​

Whether adding or canceling event subscriptions, the changes take effect immediately after you save them. Unconsumed webhook notifications do not have any impact on your store.

Please note that for each notification, the platform expects the app to provide a successful callback.

• If there are no correct callbacks for an extended period, the platform considers it an invalid subscription and removes it.
• Afterward, the app will no longer receive messages when events are triggered in the store until you subscribe to them again.

For detailed rules, please refer to the Webhook Management Mechanism.

Uninstalling an app​

On the management page of the private app, you can uninstall the app at any time.

• Once uninstalled, the token will be revoked, and access to store data will be discontinued.
• When reinstalling, the platform will assign a new access token to the app.

Deleting the App​

Deleting the app is an irreversible operation and cannot be recovered.

If you only want to temporarily disable the app, you can choose to uninstall instead of deleting.

App Operation Logs​

Every important operation is recorded in the operation log page, where you can view or trace the change logs of the app.

new/170387873339592/11创建私有应用（EN）.jpg)