Shopify: How can I handle removal and then instant reinstallation?

Recently, I ran into a situation where a user uninstalled my Shopify application and immediately installed it again. This caused a problem because I keep all my users in a DB table.

Login / installation works as follows:

  • The user tells me his store address
  • I forward the user to example.myshopify.com/admin/oauth/authorize, where access is granted to my application
  • I check whether this store URL is stored in my local user database
    • If not: I request a permanent access token and forward the user to the plan selection page
    • If yes: I load the saved access token from the user database and log the user in to my application.

Removal:

  • User uninstalls my app in his Shopify backend
  • Shopify sends a webhook to my application.
  • I delete user data from the user database

The problem is that webhooks are sometimes delayed. If the user uninstalls and instantly reinstalls, my application treats the installation as a login attempt and proceeds to use the invalid access token stored in the user database.

I thought I could just check whether the redirect from the authorization page contains a temporary access token, and if so, treat it as a new installation, but it seems that the token is returned even if the application is already installed.

So my question is: how can I handle instant reinstallation gracefully? Surely there is something I am missing; there cannot be such a huge "logical error" in the Shopify API, can there?

+8
shopify
1 answer

I have had this problem with my apps lately. Webhooks have started to lag in the last 2 months, and I would be surprised if most of the applications out there did not suffer from this regression.

The way I deal with this is: when the user is redirected to the application and the old DB object / token is still present in the database, try calling a dummy Shopify API endpoint (something like fetching the store information) with the token you have. If you receive a 403 unauthorized response, cancel the user session and update the saved token.

The other side of the problem is that after a minute or two, when the original uninstall webhook finally arrives, you follow the same procedure: check for a 403 response. If you do NOT receive a 403, then you know the webhook is stale and should not be acted on, because if you get 200 OK, your token is good and the application is still installed.

This is a bit confusing, and it added a fair amount of code to my applications, but it is the only thing I could think of in the shortest possible time, because merchants uninstall / reinstall quite often.

+14
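The probe-before-trusting-the-token logic from the answer, written out as an added example that is not part of the original post and not code from Shopify or any Shopify SDK. Both handlers verify the HMAC Shopify attaches (the `hmac` query parameter on the OAuth redirect, the `X-Shopify-Hmac-Sha256` header on the webhook) before touching the database, since an unauthenticated callback or webhook would otherwise let anyone trigger a token refresh or a deletion. The `FakeShopify` class, `APP_SECRET`, the `shpat_` token values, the query parameters and the webhook body are all constructed so the scenario runs offline; in production `probe` is a GET to `/admin/api/<version>/shop.json` with the `X-Shopify-Access-Token` header and `exchange` is a POST to `/admin/oauth/access_token`. The answer mentions 403; the example treats 401 or 403 alike as "token revoked", and any other non-200 status as inconclusive so a transient error never deletes a live install.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, List, Set

APP_SECRET = "hypothetical-app-secret"  # assumed; Shopify signs redirects and webhooks with the app's client secret


def verify_oauth_hmac(query: Dict[str, str], secret: str = APP_SECRET) -> bool:
    """Check the `hmac` query parameter on the OAuth redirect before trusting `shop` / `code`.
    Simplified: values are joined as-is (Shopify's spec additionally escapes &, % and = inside values)."""
    received = query.get("hmac", "")
    msg = "&".join(f"{k}={v}" for k, v in sorted(query.items()) if k not in ("hmac", "signature"))
    expected = hmac.new(secret.encode(), msg.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, received)


def verify_webhook_hmac(raw_body: bytes, header_value: str, secret: str = APP_SECRET) -> bool:
    """Check X-Shopify-Hmac-Sha256 = base64(HMAC-SHA256(secret, raw request body))."""
    digest = base64.b64encode(hmac.new(secret.encode(), raw_body, hashlib.sha256).digest()).decode()
    return hmac.compare_digest(digest, header_value)


@dataclass
class FakeShopify:
    """Constructed stand-in for the Shopify API so the example runs offline."""
    valid_tokens: Dict[str, Set[str]] = field(default_factory=dict)
    issued: int = 0

    def exchange(self, shop: str, code: str) -> str:       # POST /admin/oauth/access_token
        self.issued += 1
        token = f"shpat_{self.issued}"
        self.valid_tokens.setdefault(shop, set()).add(token)
        return token

    def probe(self, shop: str, token: str) -> int:         # GET /admin/api/<version>/shop.json
        return 200 if token in self.valid_tokens.get(shop, set()) else 401

    def merchant_uninstalls(self, shop: str) -> None:
        self.valid_tokens.pop(shop, None)  # tokens die immediately; the webhook may arrive minutes later


class App:
    def __init__(self, api: FakeShopify) -> None:
        self.api = api
        self.db: Dict[str, str] = {}  # shop domain -> stored permanent access token

    def token_state(self, shop: str) -> str:
        token = self.db.get(shop)
        if token is None:
            return "none"
        status = self.api.probe(shop, token)
        if status == 200:
            return "live"
        if status in (401, 403):
            return "revoked"  # the answer says 403; treat 401 the same way
        return "unknown"      # transient failure: draw no conclusion from it

    def oauth_callback(self, query: Dict[str, str]) -> str:
        if not verify_oauth_hmac(query):
            raise PermissionError("OAuth redirect failed HMAC check")
        shop, code = query["shop"], query["code"]
        if self.token_state(shop) == "live":
            return "login"  # existing install and the stored token still works
        # First install, or a reinstall whose uninstall webhook has not arrived yet:
        # the stored token (if any) is dead, so swap the code for a fresh one and overwrite it.
        self.db[shop] = self.api.exchange(shop, code)
        return "install"

    def uninstall_webhook(self, shop: str, raw_body: bytes, hmac_header: str) -> str:
        if not verify_webhook_hmac(raw_body, hmac_header):
            raise PermissionError("webhook failed HMAC check")
        state = self.token_state(shop)
        if state == "none":
            return "unknown"
        if state == "live":
            return "stale-ignored"  # merchant already reinstalled; this webhook is old
        if state == "unknown":
            return "retry"          # answer non-2xx so Shopify redelivers later
        del self.db[shop]
        return "deleted"


def sign_query(params: Dict[str, str], secret: str = APP_SECRET) -> Dict[str, str]:
    msg = "&".join(f"{k}={v}" for k, v in sorted(params.items()))
    return {**params, "hmac": hmac.new(secret.encode(), msg.encode(), hashlib.sha256).hexdigest()}


def sign_body(raw_body: bytes, secret: str = APP_SECRET) -> str:
    return base64.b64encode(hmac.new(secret.encode(), raw_body, hashlib.sha256).digest()).decode()


def run_reinstall_scenario() -> List:
    """Constructed sequence: install, uninstall, instant reinstall, then the late uninstall webhook."""
    api, shop = FakeShopify(), "example.myshopify.com"
    app = App(api)
    events = [app.oauth_callback(sign_query({"shop": shop, "code": "code-1", "timestamp": "1"}))]
    first_token = app.db[shop]
    api.merchant_uninstalls(shop)  # webhook for this is delayed
    events.append(app.oauth_callback(sign_query({"shop": shop, "code": "code-2", "timestamp": "2"})))
    body = json.dumps({"domain": shop}).encode()  # constructed app/uninstalled payload
    events.append(app.uninstall_webhook(shop, body, sign_body(body)))
    events.append(app.db[shop] != first_token and app.token_state(shop) == "live")
    return events
```

`run_reinstall_scenario()` returns `["install", "install", "stale-ignored", True]`: the reinstall is recognised because the stored token no longer answers 200, and the late webhook is ignored because the freshly stored token does. The cost is one extra API call per login and per webhook, which is what the answer means by "a fair amount of code".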
