I've recently had the case that a user un-installed my Shopify app and instantly re-installed it. This caused a problem because I store all my users in a DB table. Login/Installing works as follows: <ol> <li>The user tells me his shop URL</li> <li>I forward the user to example.myshopify.com/admin/oauth/authorize where access is granted to my app</li> <li>I check if that shop URL is already stored in my local user DB <ul> <li>If not: I request a permanent access token and forward the user to the plan selection page</li> <li>If yes: I get the stored permanent access token from the user DB and log the user into my app</li> </ul> </li> </ol> Uninstalling: <ol> <li>The user uninstalls my app in his Shopify backend</li> <li>Shopify sends a webhook to my app</li> <li>I remove that user's data from the user DB</li> </ol> The problem is that the webhooks are sometimes delayed. If an user uninstalls and instantly re-installs, my app will think the install is a login attempt, and will use the now invalid access token stored in the user DB. I figured I could just check if the redirection from the authorization page contains a temporary access token, and if yes, it would be a new installation, but it seems the access token is returned even if the app has already been installed. So my question is: How can I handle instant re-installation gracefully? Surely there's something that I'm overlooking, there can't be such a huge "logic bug" in the Shopify API?

I've had this problem with my apps as well lately. Webhooks only started getting delayed in the last 2 months, and I'd be surprised if most apps out there weren't suffering from this regression bug now. The way I deal with it is - when the user is redirected to the app and the old db object/token is still present in the database, try calling a dummy API call to the Shopify API (something like get shop details) with the token you have. If you get a 403 Unauthorized response, invalidate the user session and refresh the stored token. Another problem is that after a minute or two when the original uninstall webhook does fire, do the same procedure - check for a 403 response. If you DON'T get a 403, then you know that the webhook is old and shouldn't be acted upon, because if you get a 200 OK it means that your token is good and that the app is still installed. It's a bit convoluted and it added a fair bit of code to my apps, but it's the only thing I could think of on a short notice - because merchants do uninstall/re-install quickly fairly often.

Shopify: How can I handle an uninstall followed by an instant re-install?

I've recently had the case that a user un-installed my Shopify app and instantly re-installed it. This caused a problem because I store all my users in a DB table.

Login/Installing works as follows:

The user tells me his shop URL
I forward the user to example.myshopify.com/admin/oauth/authorize where access is granted to my app
I check if that shop URL is already stored in my local user DB
- If not: I request a permanent access token and forward the user to the plan selection page
- If yes: I get the stored permanent access token from the user DB and log the user into my app

Uninstalling:

The user uninstalls my app in his Shopify backend
Shopify sends a webhook to my app
I remove that user's data from the user DB

The problem is that the webhooks are sometimes delayed. If an user uninstalls and instantly re-installs, my app will think the install is a login attempt, and will use the now invalid access token stored in the user DB.

I figured I could just check if the redirection from the authorization page contains a temporary access token, and if yes, it would be a new installation, but it seems the access token is returned even if the app has already been installed.

So my question is: How can I handle instant re-installation gracefully? Surely there's something that I'm overlooking, there can't be such a huge "logic bug" in the Shopify API?

How do you find out what apps a Shopify store is using?

By using a trusted Shopify app detector or Shopify plugin detector, sellers can visit competitor stores and with the click of a button, easily find out what Shopify apps there are on that specific store. From there, you can go on the Shopify search app to find it and use it for your own store.

How do I update my Shopify apps?

To check for available software updates: From your iPhone's home screen, tap App Store. Tap Updates. If there is an iOS or Shopify app update that needs to be installed, then tap Update next to each one, or tap Update all to install all software updates at the same time.

I've had this problem with my apps as well lately. Webhooks only started getting delayed in the last 2 months, and I'd be surprised if most apps out there weren't suffering from this regression bug now.

The way I deal with it is - when the user is redirected to the app and the old db object/token is still present in the database, try calling a dummy API call to the Shopify API (something like get shop details) with the token you have. If you get a 403 Unauthorized response, invalidate the user session and refresh the stored token.

Another problem is that after a minute or two when the original uninstall webhook does fire, do the same procedure - check for a 403 response. If you DON'T get a 403, then you know that the webhook is old and shouldn't be acted upon, because if you get a 200 OK it means that your token is good and that the app is still installed.

It's a bit convoluted and it added a fair bit of code to my apps, but it's the only thing I could think of on a short notice - because merchants do uninstall/re-install quickly fairly often.

Shopify: How can I handle an uninstall followed by an instant re-install?

Tags:

shopify

Louis B.

People also ask

1 Answers

Denis

Recent Activity

Donate For Us

Shopify: How can I handle an uninstall followed by an instant re-install?

Tags:

shopify

Louis B.

People also ask

1 Answers

Denis

Related questions

Recent Activity

Donate For Us