Integration guide
Shopify app
Backend-native OAuth + webhook receiver that can tag (and optionally act on) risky orders.
Repo location
integrations/shopify
The app integration is implemented in the backend under /api/v1/shopify. It verifies webhook signatures and stores per-shop access tokens in Postgres (table: shopify_stores).
Configure environment
SHOPIFY_API_KEYandSHOPIFY_API_SECRETSHOPIFY_SCOPES(comma-separated)API_URLpublic URL Shopify can reach (for OAuth + webhooks)
Install flow (OAuth)
Start an install by requesting the install URL:
curl -sS "https://predax.io/api/v1/shopify/install?shop=YOURSHOP.myshopify.com"
Open the returned install_url in a browser to complete OAuth. On success, the backend stores the access token and registers the orders/create webhook.
Webhook receiver
Shopify will POST order events to the webhook endpoint. The backend verifies the Shopify HMAC signature before processing.
POST /api/v1/shopify/webhooks/orders-createTypical behavior: compute risk for the customer IP (best-effort), tag the order for manual review, and optionally take stricter action depending on store settings.
Admin management (optional)
Manage connected shops and settings via admin endpoints (JWT/admin auth).
GET /api/v1/admin/shopify/storesPATCH /api/v1/admin/shopify/stores