Shopify Integration

DealDome manages multiple Shopify stores simultaneously. The Go backend has a built-in Shopify API client that handles authentication, API calls, and webhook processing — giving the AI agents and the financial dashboard full access to store data.

Multi-store support

DealDome is not limited to a single store. The team runs several Shopify stores at once, and the backend can talk to all of them using the same codebase. Each store has its own set of credentials, and the system picks the right one based on context — for example, when Roos processes an order, she knows which store it belongs to.

This means financial reports, product performance data, and ad spend tracking are all scoped per store, while the agents can query across stores when needed.

Store configuration

Store credentials are stored in the settings table as a JSON array. Each entry contains everything the backend needs to authenticate with that store's Shopify Admin API.

Store fields

  • Name
    name
    Type
    string
    Description

    A human-readable name for the store (e.g., "DealDome NL").

  • Name
    api_key
    Type
    string
    Description

    The Shopify app API key.

  • Name
    api_secret
    Type
    string
    Description

    The Shopify app API secret.

  • Name
    access_token
    Type
    string
    Description

    The permanent access token for the Shopify Admin API.

  • Name
    domain
    Type
    string
    Description

    The myshopify.com domain (e.g., "dealdome-nl.myshopify.com").

Store config example

[
  {
    "name": "DealDome NL",
    "api_key": "abc123...",
    "api_secret": "secret...",
    "access_token": "shpat_...",
    "domain": "dealdome-nl.myshopify.com"
  },
  {
    "name": "DealDome DE",
    "api_key": "def456...",
    "api_secret": "secret...",
    "access_token": "shpat_...",
    "domain": "dealdome-de.myshopify.com"
  }
]

Keep your Shopify API credentials secure. Store them in the database settings table or environment variables — never commit them to version control. Rotate access tokens immediately if you suspect they have been compromised.

Shopify client

The Go backend wraps the Shopify Admin REST API in a client struct that handles authentication, rate limiting, and response parsing. When you need to talk to a specific store, you pass the store config and the client sets the X-Shopify-Access-Token header automatically.

Client usage in Go

client := shopify.NewClient(shopify.Config{
    Domain:      "dealdome-nl.myshopify.com",
    AccessToken: "shpat_...",
})

orders, err := client.Orders.List(ctx, shopify.OrderListParams{
    Status:    "any",
    CreatedAt: shopify.DateRange{Min: yesterday},
})

The Roos agent has 30+ tools that use this client under the hood — everything from looking up a single order by number to bulk-updating inventory levels. The financial data import jobs also use it to pull daily sales and refund data for P&L calculations.

Capabilities

Here is what the Shopify integration can do across all connected stores:

  • Name
    Orders
    Description

    List, search, and retrieve orders. Filter by date, status, or customer. Used heavily by Roos and the financial pipeline.

  • Name
    Products
    Description

    Create, update, and list products and variants. Manage inventory levels and pricing.

  • Name
    Customers
    Description

    Look up customers by email, name, or order history. View lifetime value and order count.

  • Name
    Discount codes
    Description

    Create and manage discount codes and price rules for promotions.

  • Name
    Webhooks
    Description

    Register, list, and delete webhooks for real-time event notifications.

  • Name
    Store info
    Description

    Retrieve store metadata — name, currency, timezone, plan, and domain.

Webhook support

DealDome can receive Shopify webhooks for real-time updates. When something happens in a Shopify store — a new order comes in, a product is updated, a refund is issued — Shopify sends a POST request to a registered endpoint on the DealDome API.

How it works

  1. The backend registers webhook subscriptions with each Shopify store via the Admin API.
  2. Shopify sends a POST request to https://api.dealdome.eu/webhooks/shopify when an event fires.
  3. The backend verifies the X-Shopify-Hmac-SHA256 header using the app's API secret to confirm authenticity.
  4. The payload is parsed, and the relevant handler updates the local database — for example, syncing a new order into daily_financials.

Webhook verification

func verifyShopifyWebhook(body []byte, hmacHeader, secret string) bool {
    mac := hmac.New(sha256.New, []byte(secret))
    mac.Write(body)
    expected := base64.StdEncoding.EncodeToString(mac.Sum(nil))
    return hmac.Equal([]byte(expected), []byte(hmacHeader))
}

Was this page helpful?