A Django app with all the tools required to make a Shopify app

django-shopify-app

Add the app in settings.py

    INSTALLED_APPS = [
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'shopify_app',
        'shops',
    ]

Add the required configurations in settings.py

    SHOPIFY_API_KEY = config('SHOPIFY_API_KEY')
    SHOPIFY_API_SECRET = config('SHOPIFY_API_SECRET')

    SHOPIFY_APP_SCOPES = [
        'read_products',
        'read_orders',
    ]
    SHOPIFY_WEBHOOK_TOPICS = [
        'products/update',
        'app/uninstalled',
    ]

    SHOPIFY_SHOP_MODEL = 'shops.Shop'

    SHOPIFY_WEBHOOK_HOST = 'https://moship.ngrok.io'
    SHOPIFY_APP_HOST = 'https://moship.ngrok.io'

    SHOPIFY_WEBHOOK_CALLBACK = 'shops.webhooks.webhook_entry'
    SHOPIFY_GDPR_WEBHOOK_CALLBACK = 'shops.webhooks.webhook_entry'

Authorization

The package supports two authorization flows: token exchange (recommended for embedded apps) and authorization code grant (legacy / non-embedded apps).

Token exchange (recommended)

Token exchange eliminates OAuth redirects. The backend exchanges the session token from App Bridge for an access token via a server-side POST to Shopify. No page reloads or flicker.

Scopes are managed via shopify.app.toml and deployed with Shopify CLI (shopify app deploy). Shopify handles installation and scope updates automatically.

Add to settings.py:

    SHOPIFY_TOKEN_EXCHANGE = True           # Enable token exchange
    SHOPIFY_DASHBOARD_PATH = '/dashboard'   # Where to redirect from app root

Set up your URLs:

    from django.urls import path, include
    from shopify_app.views import AppRootView

    urlpatterns = [
        path('', AppRootView.as_view()),
        path('shopify/', include('shopify_app.urls')),
        # your dashboard urls...
    ]

When a merchant opens your app, AppRootView redirects to the dashboard. The first API request from the dashboard triggers token exchange automatically via ShopSessionMixin / shop_session, storing the access token for subsequent requests.

Authorization code grant (legacy)

Use this flow for non-embedded apps or apps that don't use Shopify managed installation.

    from django.urls import path
    from shopify_app.views import AppRootView, EndTokenRequestView

    app_name = 'my_shopify_app'

    urlpatterns = [
        path(
            '',
            AppRootView.as_view(
                redirect_path_name='my_shopify_app:end-token-request',
            ),
        ),
        path(
            'confirm/',
            EndTokenRequestView.as_view(
                redirect_path_name='embed_admin:dashboard',
            ),
            name='end-token-request'
        ),
    ]

With SHOPIFY_TOKEN_EXCHANGE = False (default), AppRootView falls back to the OAuth authorization code grant flow.

Webhook URLs

    from django.urls import path, include

    urlpatterns = [
        path('shopify/', include('shopify_app.urls')),
    ]

ShopSessionMixin

A mixin that authenticates requests against a valid Shopify shop session (JWT). Use it with any APIView or DRF generic view:

    from rest_framework.views import APIView
    from shopify_app.mixins import ShopSessionMixin

    class MyView(ShopSessionMixin, APIView):
        def get(self, request, *args, **kwargs):
            shop = request.shop
            ...
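The token exchange section and ShopSessionMixin both rest on one input, the App Bridge session token (a JWT signed with HS256 using the app's API secret). The block below is an added example, not django-shopify-app's own code: a standard-library illustration of the checks that validating such a token involves, and of deriving the token exchange POST target from the verified token rather than from a request parameter. The function names, the key and secret values, and the shop name used to exercise it are constructed for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlparse

API_KEY = "example-api-key"        # constructed stand-in for SHOPIFY_API_KEY
API_SECRET = "example-api-secret"  # constructed stand-in for SHOPIFY_API_SECRET

def _dec(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _mac(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_token(claims, secret=API_SECRET, alg="HS256"):
    """Build a constructed test token; real ones are issued via App Bridge."""
    head = _enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_mac(f'{head}.{body}', secret))}"

def verify_session_token(token, now=None, leeway=5):
    """Return the shop hostname for a valid token, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = dict(json.loads(_dec(head))), dict(json.loads(_dec(body)))
        given = _dec(sig)
    except Exception as exc:                    # wrong part count, bad base64/JSON
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":            # pin the algorithm, reject "none"
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_mac(f"{head}.{body}", API_SECRET), given):
        raise ValueError("bad signature")
    if claims.get("aud") != API_KEY:            # token was minted for another app
        raise ValueError("wrong audience")
    if not claims.get("nbf", 0) - leeway <= now <= claims.get("exp", 0) + leeway:
        raise ValueError("outside validity window")
    shop = urlparse(claims.get("dest", "")).hostname or ""
    if not shop.endswith(".myshopify.com") or urlparse(claims.get("iss", "")).hostname != shop:
        raise ValueError("iss/dest mismatch")
    return shop

def token_exchange_request(token):
    """URL and form fields for the server-side POST, host taken from the verified token."""
    shop = verify_session_token(token)
    return f"https://{shop}/admin/oauth/access_token", {
        "client_id": API_KEY, "client_secret": API_SECRET,
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "subject_token": token, "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
        "requested_token_type": "urn:shopify:params:oauth:token-type:offline-access-token",
    }
```
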

Staff bypass

Staff users can skip Shopify JWT validation if they have a shop associated with their user model. Enable it globally in settings:

    SHOPIFY_STAFF_BYPASS = True  # Default: False
    SHOPIFY_STAFF_BYPASS_METHODS = ['GET', 'HEAD', 'OPTIONS']  # Default: None (all methods)
    SHOPIFY_STAFF_SHOP_ATTR = 'admin_shop'  # Default: 'admin_shop'

SHOPIFY_STAFF_BYPASS_METHODS restricts which HTTP methods are allowed through the bypass. When it is None (the default), all methods are allowed. When it is set, unlisted methods (e.g. POST, PUT, DELETE) still require Shopify JWT validation, even for staff users.

Or per-view:

    class MyView(ShopSessionMixin, APIView):
        allow_staff_bypass = True  # Overrides the global setting

When enabled, if the request user is authenticated, is staff, and has a truthy value on the configured attribute (admin_shop by default), the mixin sets request.shop from that attribute and skips JWT validation.

Source Distribution

django_shopify_app-2.2.2.tar.gz (13.5 kB view details)

Uploaded Source

Built Distribution

django_shopify_app-2.2.2-py3-none-any.whl (17.6 kB view details)

Uploaded Python 3

File details

Details for the file django_shopify_app-2.2.2.tar.gz.

File metadata

  • Download URL: django_shopify_app-2.2.2.tar.gz
  • Upload date:
  • Size: 13.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for django_shopify_app-2.2.2.tar.gz
Algorithm Hash digest
SHA256 b90412c0b30e0a50e6aa70606872ff55a31d7a96c5c9c15919793fcfd2e27acc
MD5 8a99351f1b017fdfd5aaa7c5ba1f2f5a
BLAKE2b-256 053a9f4ce5e2c15cba095e4037478667858542f4f58ebeb057f8701f09ae7ab6

File details

Details for the file django_shopify_app-2.2.2-py3-none-any.whl.

File metadata

File hashes

Hashes for django_shopify_app-2.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 9b8611728f7b04d885983d64184d68768e4b1ba61df74e97dca516e5175536f7
MD5 f0084a86353a3e6ce02a24492cb812de
BLAKE2b-256 bb82925af503b2f45befe0f395d8b20d0028cf05d0b6c9635de1e5acecb62927
