-
50634c0: Adds API to update the capped amount for a usage billing plan.
A new billing helper function has been added to update the capped amount for a usage billing plan.
const response = await shopify.billing.updateUsageCappedAmount({ session, subscriptionLineItemId: 'gid://shopify/AppSubscriptionLineItem/1234567890', cappedAmount: { amount: 100, currencyCode: 'USD', }, }); console.log(response);
Learn more about App Billing.
-
5c01460: Adding toggle parameter flag to return implied scopes from Remix API Query by returning original scopes from AuthScopes instantiation
Example: const scopes = new AuthScopes(['read_customers', 'write_customers', 'read_products', 'write_channels']); scopes.toArray() returns ['write_customers', 'read_products', 'write_channels'] scopes.toArray(true) returns ['read_customers', 'write_customers', 'read_products', 'write_channels']
- 59896e3: Updated
isbotdependencies - 2e396f3: Updated
expressdependencies - 5efb3a2: Updated
expressdependencies - cd0b3e1: Updated
josedependencies - bad62cc: Updated
tslibdependencies - 10f4fd0: Updated
josedependencies - Updated dependencies [f38dfc0]
- @shopify/graphql-client@1.2.1
- @shopify/admin-api-client@1.0.4
- @shopify/storefront-api-client@1.0.3
- 7a2e78a: Add October 2024 REST resources
- 18ee7e2: Updated
josedependencies - 6bda2fc: Fix type declaration for payment_transaction
- Updated dependencies [97c31fb]
- @shopify/admin-api-client@1.0.3
- 323bef3: Update documentation to make it clear when to use app-specific vs shop-specific webhooks and which methods/config uses which approach
- fb48795: Fix type error for the Application Charge rest resource
-
4e143ec: Adds ts-docs to header utils
-
4a1ffad: Adds API to create usage records for billing
A new billing helper function has been added to create usage records for a usage billing plan.
const chargeBilling = await billing.createUsageRecord({ description: 'Usage record for product creation', price: { amount: 1, currencyCode: 'USD', }, isTest: true, }); console.log(chargeBilling);
Learn more about App Billing.
- a426889: Exposing override types for
lineItemsin the billingrequestmethod. - 8e61a39: setUpValidRequest in shopify-api now preserves headers. Documentation for test helpers now more accurately describes use cases.
- Updated dependencies [ada2cc3]
- @shopify/graphql-client@1.2.0
- @shopify/admin-api-client@1.0.2
- @shopify/storefront-api-client@1.0.2
-
e9b4f22: fixes/webhook-typesafety
-
8f92455: Test helpers and changes to enable automated unit and e2e testing for @shopify/shopify-app-remix
See documentation for examples on how to use these helper methods.
import prisma from '~/db.server'; import { PrismaSessionStorage } from '@shopify/shopify-app-session-storage-prisma'; import { RequestType, setUpValidRequest, setUpValidSession, } from '@shopify/shopify-api/test-helpers'; // set up test Session const sessionStorage = new PrismaSessionStorage(prisma); const session = await setUpValidSession({ shop: getShopValue('test-shop'); }); await sessionStorage.storeSession(session); let request: Request = ... // the request intercepted by end-to-end testing framework const authorizedRequest = setUpValidRequest( { type: RequestType.Extension, store: `test-shop-${process.env.TEST_PARALLEL_INDEX}`, apiKey: ..., // the same value as `apiKey` passed to shopifyApi() apiSecretKey: ..., // the same value as `apiSecretKey` passed to shopifyApi() }, request ); // use authorizedRequest to complete the request, or use the url or headers of authorizedRequest to modify the original request. ... // complete testing here // tear down test Session await sessionStorage.deleteSession(session.id);
- e944c72: Updated
isbotdependencies
-
05fb23d: Added a new future flag
unstable_managedPricingSupportto support apps using Shopify managed pricing, which will:- Change
billing.checkto always return an object. - Change
billing.checkandbilling.subscriptionto work without a billing config. - Allow calling charges with
billing.checkwithout aplansfilter. ThehasActivePaymentvalue will be true if any purchases are found with the given filters.
- Change
-
1aa226b: Return headers in responses from GraphQL client.
Headers are now returned in the response object from the GraphQL client.
In apps using the
@shopify/shopify-app-remixpackage the headers can be access as follows:const response = await admin.graphql( ... const responseJson = await response.json(); const responseHeaders = responseJson.headers const xRequestID = responseHeaders? responseHeaders["X-Request-Id"] : ''; console.log(responseHeaders); console.log(xRequestID, 'x-request-id');
- 192cc6b: Expose AuthScopes type
- 06793fb: Session is active if the scopes list includes the scopes received. Token wont be regenerated if the current includes additional scopes.
- 3a0a3d4: Improved code readability and execution time of cookie/header helper functions
- 3cf3c56: Updated dependency on the
josepackage.- @shopify/admin-api-client@1.0.1
- @shopify/storefront-api-client@1.0.1
- ea7c05d: Added support for API version 2024-07
- 1de1f15: bump jose from 5.4.0 to 5.4.1
- 58fb360: Updated dependency on
uuid - 8eafd2b: Fixed creation of nested REST resource objects in the Remix package.
- 6970109: Drop support for Node 16. This package is compatible with Node version >=18.2.0.
- b5a4735: chore:robust-typesafe-error-handling
- 36e3c62: Add support for Node 22.
-
d9f2601: Bump jose from 5.2.4 to 5.3.0
-
92b6772: Added an
is_defaultfield toCustomerAddressso it doesn't overlap with the existingdefault()method we provide in the class.Before:
const address = await shopify.rest.CustomerAddress.find({session, id: 1234}); // Boolean console.log(address.default); // Error - not a function await address.default();
After:
const address = await shopify.rest.CustomerAddress.find({session, id: 1234}); // Boolean console.log(address.is_default); // Function await address.default();
To prevent breaking existing apps, this only happens when the
customerAddressDefaultFixflag is enabled. -
a42efff: Bump isbot from 5.1.4 to 5.1.6
-
9749f45: Handle empty responses to REST requests for DELETE endpoints gracefully, instead of throwing an error when parsing the JSON.
-
Updated dependencies [36e3c62]
-
Updated dependencies [6970109]
- @shopify/admin-api-client@1.0.0
- @shopify/storefront-api-client@1.0.0
Note
For more details on migrating to v10, please follow see the migration guide.
-
379206c: Webhook validation will now return a different
reasonvalue when the HMAC value is missing from the request. Instead of returningWebhookValidationErrorReason.MissingHeadersas it does for the other headers it validates, it will now return a newWebhookValidationErrorReason.MissingHmacerror so this check matches other HMAC validations.If your app doesn't explicitly check for the error after calling
webhook.validate(), you don't need to make any changes. -
637c6c3: This
scopesfield on the API config object is now optional. If your app is using the new managed install flow, it is now recommended you omit thescopesproperty from the config object. -
61576be: Changed the package's build process to produce both ESM and CJS outputs.
While this should have no effect on most apps, if you're directly importing a file from the package, its path will have changed. Regular imports for package files remain unchanged.
Before:
import 'node_modules/@shopify/shopify-api/lib/clients/admin/graphql/client'; import '@shopify/shopify-api/adapters/node';
After:
// Add `dist/esm|cjs/` before the file import 'node_modules/@shopify/shopify-api/dist/esm/lib/clients/admin/graphql/client'; // Unchanged import '@shopify/shopify-api/adapters/node';
- 65325b8: Change v10_lineItemBilling flag to lineItemBilling
- 6f1a98e: Fixing REST resource
find()methods to fail when missing all ids, instead of defaulting to the same behaviour asall(). - 379206c: Postponed deprecating the GraphQL clients'
querymethod because they haven't been deprecated for long enough. They'll be removed when v11 is released instead. - Updated dependencies [715a120]
- @shopify/storefront-api-client@0.3.4
- @shopify/admin-api-client@0.2.9
- 16f52ee: Include error message into HttpRequestError
- 8c97e8a: Updated dependency on isbot
- a60c214: Fix type error in graphql error handler
- 513f9e6: Fixed an issue with the
RecurringApplicationChargeREST resource currency type
- 3415a8c: Added support for the 2024-04 API version.
- c9dff9f: Add
Shop.current()method to the REST resources
- b60c6c9: Fixes bug, that is returning the onlineAccessInfo field on the session, when the session if offline
- 96a0aab: Fix bug that was causing duplicate keys in Session when using FromPropertyArray with returnUserData = true
-
b912ecd: Updates the Session class to handle the associated user information on the session object.
Updates the Session
fromPropertyArrayto handle all user info fields. New optional argumentreturnUserData, (defaulted tofalse), will return the user data if it is apart of the property array. This will be defaulted totruein an upcoming version.const sessionProperties = session.toPropertyArray(true); /* if sessionProperties has the following data... [ ['id', 'online_session_id'], ['shop', 'online-session-shop'], ['state', 'online-session-state'], ['isOnline', true], ['scope', 'online-session-scope'], ['accessToken', 'online-session-token'], ['expires', 1641013200000], // example = January 1, 2022, as number of milliseconds since Jan 1, 1970 ['userId', 1], ['first_name', 'online-session-first-name'], ['last_name', 'online-session-last-name'], ['email', 'online-session-email'], ['locale', 'online-session-locale'], ['email_verified', false] ['account_owner', true,] ['collaborator', false], ], */ const session = Session.fromPropertyArray(sessionProperties, true); /* ... then session will have the following data... { id: 'online_session_id', shop: 'online-session-shop', state: 'online-session-state', isOnline: true, scope: 'online-session-scope', accessToken: 'online-session-token', expires: 2022-01-01T05:00:00.000Z, // Date object onlineAccessInfo: { associated_user: { id: 1, first_name: 'online-session-first-name' last_name: 'online-session-last-name', email: 'online-session-email', locale: 'online-session-locale', email_verified: false, account_owner: true, collaborator: false, }, } } */
Updates the Session
toPropertyArrayto handle all user info fields. New optional argumentreturnUserData, (defaulted tofalse), will return the user data as part of property array object. This will be defaulted totruein an upcoming version.const {session, headers} = shopify.auth.callback({ rawRequest: req, rawResponse: res, }); /* If session has the following data content... { id: 'online_session_id', shop: 'online-session-shop', state: 'online-session-state', isOnline: true, scope: 'online-session-scope', accessToken: 'online-session-token', expires: 2022-01-01T05:00:00.000Z, // Date object onlineAccessInfo: { expires_in: 1, associated_user_scope: 'online-session-user-scope', associated_user: { id: 1, first_name: 'online-session-first-name', last_name: 'online-session-last-name', email: 'online-session-email', locale: 'online-session-locale', email_verified: true, account_owner: true, collaborator: false, }, } } */ const sessionProperties = session.toPropertyArray(); /* ... then sessionProperties will have the following data... [ ['id', 'online_session_id'], ['shop', 'online-session-shop'], ['state', 'online-session-state'], ['isOnline', true], ['scope', 'online-session-scope'], ['accessToken', 'online-session-token'], ['expires', 1641013200000], // example = January 1, 2022, as number of milliseconds since Jan 1, 1970 ['userId', 1], // New returns the user id under the userId key instead of onlineAccessInfo ['first_name', 'online-session-first-name'], ['last_name', 'online-session-last-name'], ['email', 'online-session-email'], ['locale', 'online-session-locale'], ['email_verified', false] ['account_owner', true,] ['collaborator', false], ], */
-
87208ea: Add a context argument to webhooks process function to make it easier for Cloudflare apps (and others that might use a context object) to pass information to the handler.
- 1344258: Bumps jose from 5.2.2 to 5.2.3.
- 01371f7: Add function to authenticate fulfillment service requests
- 4e7c479: Show an INFO log for disabled future flags to encourage apps to migrate ahead of time, making major version bumps simpler.
- 13a230d: Enabled returning the full response object in
Customer.search()andGiftCard.search(), so that apps can paginate through the results. - f57712c: Refactor HMAC validation to use a common function.
- 01a803d: Reintroduced logging of HTTP requests for OAuth processes, which was incorrectly removed when the new clients were introduced.
- @shopify/admin-api-client@0.2.8
- @shopify/storefront-api-client@0.3.3
- @shopify/admin-api-client@0.2.7
- @shopify/storefront-api-client@0.3.2
- d6657e8: Return additional app subscription plan information, including the line item IDs
- 6eb8091: Updated dependency on
jose- @shopify/admin-api-client@0.2.6
- @shopify/storefront-api-client@0.3.1
- Updated dependencies [9df4bacf]
- @shopify/storefront-api-client@0.3.0
- @shopify/admin-api-client@0.2.5
- 661d52dd: Fix bug with creation of webhooks with subtopics
- 35e06823: Add webhook subtopic as an additional option field when creating webhook subscriptions
- fbae4bcc: Bumps compare-versions from 5.0.3 to 6.1.0.
- cc52aaca: Fix linked reference for session in token exchange docs
- @shopify/admin-api-client@0.2.4
- @shopify/storefront-api-client@0.2.4
-
e2d4fee2: Update lineItemBilling future flag to v10. Current users of
unstable_lineItemBillingwill need to update tov10_lineItemBillingto continue using this feature.const shopify = shopifyApi({ // ... future: { v10_lineItemBilling: true, });
- db7d9cff: Remove gating of the token exchange API behind the
unstable_tokenExchangeflag.
-
9c41d910: Added support for validating Flow extension requests, using
shopify.authenticate.flow.Please see the
flowobject documentation for more information. -
348b138a: Export GraphqlClient class from types
- 224fbf57: Fixed the types of the
balanceandcurrencyfields in theGiftCardobject. - 0f0ffb8a: Updated global fetch types to more closely match reality
- Updated dependencies [0f0ffb8a]
- @shopify/storefront-api-client@0.2.3
- @shopify/admin-api-client@0.2.3
- 4d7f9a01: Update documentation with required shopifyApi params
- 1b4caf91: Return "body" field from GraphqlQueryError type
- Updated dependencies [b2414c2f]
- @shopify/storefront-api-client@0.2.2
- @shopify/admin-api-client@0.2.2
- fdd25e13: Fixed an issue in the
RestClientclass'requestmethod, which was incorrectly madeprivateinstead ofprotected.- @shopify/admin-api-client@0.2.1
- @shopify/storefront-api-client@0.2.1
-
64f61414:
[!NOTE] This change only affects apps that are using custom runtime adapters. If you're using a default adapter from this package, you don't need to make this change.
Changed
setAbstractFetchFuncto accept afetchAPI instead of one based onNormalizedRequestandNormalizedResponse.With this change, we can return a
Responseobject for requests with the upcoming clients, which can help make the interface for requests more familiar to users.For more information and examples, see the migration guide to v9.
-
7bd4be08: Rephrased
gdprTopicstoprivacyTopicsto account for other privacy regulations with data subject requests.This changes the name of the exported object. You can fix this by changing your
importstatements:Before:
import {gdprTopics} from '@shopify/shopify-api';
After:
import {privacyTopics} from '@shopify/shopify-api';
-
83b15905: Allow access tokens to be marked as expired before actual expiry.
-
218f4521: Use the new GraphQL API clients in shopify-api to use all of the latest features, including automatic types for query / mutation return object and variables.
For more information and examples, see the migration guide to v9.
-
18781092: Updated shopify-api GraphQL clients' APIs to be closer to the underlying clients
-
4dd7612d: Underpinned the new REST client from
admin-api-clientintoshopify-api, so apps can access it as a standalone client as well. -
5e85e15b: Added support for the 2024-01 API version.
-
64cda80a: Add helpers to convert between shop admin URLs and legacy URLs.
sanitizeShoputility method can now support shop admin URLs.
- Updated dependencies [88858305]
- Updated dependencies [218f4521]
- Updated dependencies [0286e7fe]
- Updated dependencies [18781092]
- Updated dependencies [2b9e06f6]
- Updated dependencies [194ddcf2]
- Updated dependencies [c9622cd7]
- @shopify/admin-api-client@0.2.0
- @shopify/storefront-api-client@0.2.0
- 880c9ddf: Add isExpired() and isScopeChanged() functions to Session class
-
bf0664bb: Line Item Billing
Now with the future flag
unstable_lineItemBillingyou can specify multiple line items in a single billing request. This will allow you to create a single billing request for a subscription with both recurring and usage based app billing.You will define the new billingConfig as follows.
const shopify = shopifyApp({ billing: { MultipleLineItems: { replacementBehavior: BillingReplacementBehavior.ApplyImmediately, trialDays: 7, lineItems: [ { interval: BillingInterval.Usage, amount: 30, currencyCode: 'USD', terms: 'per 1000 emails', }, { interval: BillingInterval.Every30Days, amount: 30, currencyCode: 'USD', discount: { durationLimitInIntervals: 3, value: { amount: 10, }, }, }, ], }, }, futures: { unstable_lineItemBilling: true, }, });
-
eae5a4a8: Introduce token exchange API for fetching access tokens. This feature is currently unstable and is hidden behind the
unstable_tokenExchangefuture flag.❗ To learn more about Token Exchange, see Performing OAuth
- 58a20daf: Changed LATEST_API_VERSION export to point to October23. Thanks @SeanMythen!
- c8eebf30: Fixing publishing process to prevent empty packages
-
737838dd: Removed support for Node 14, and removed existing code deprecations.
For details on what's changed in this version, please see the V8 migration guide.
- df5fb586: Added support for the
futureconfiguration option. This will allow apps to opt in to upcoming features without needing to install RC packages. - cf60b3d1: Added support for the 2023-10 API version.
- 5da6add9 / 3382a958: Allow overriding billing configurations when requesting payment, so that apps can use different values for different requests.
- be262ba1: Allow using Session objects to create Storefront API clients that make requests using private access tokens.
- 8187031f: Fix CustomerAddress.all not returning anything
- d2df0b1b: validateHmac now accepts an optional second param. Use this to support HMAC validation for app proxy requests
- c2962537: Fix storefront client incorrectly setting private token as access token
- 6f075397: Allow not checking a session token payload's
audfield to support tokens generated outside of the Shopify Admin. - ce638203: Fixing host validation to work with unified admin shops
- 7a953a92: Adding support for 2023-07 API version
- 9735d0c3: Stop sending the privateMetafieldNamespaces field in webhook queries to avoid the API duplication warning, and added a new shopify.utils.versionPriorTo method to help with cases like this one where apps will need to stop doing something that was deprecated.
- 1d84c135: Add Web API runtime adapter
- a9ef2e20: Fix crypto module set up for node, so it doesn't break webpack apps
- 85e7478f: [Internal] Improved tracking of webhook registration GraphQL calls
-
52047d68: Add optional parameter to
billing.checkandbilling.requestto modify return value to be a more detailed object. -
9b8ef033: Added Subscription cancel capabilities for App Billing. Fixes #771
Usage:
const canceledSubscription = await shopify.billing.cancel({ session, subscriptionId, });
See Billing Guide for more details.
- c700888a: Deprecated privateMetafieldNamespaces field in HTTP webhook configurations
- b6e9f83c: Add shop search param to default billing return URL for non-embedded apps
- 18671105: Return the performed operation for each handler when registering webhooks
- 57f31117: Add webhooks.validate method to support webhooks without callbacks
- 65eb416f: Export BillingCheckParams, BillingRequestParams and session.getJwtSessionId
- 1a64d96c: Added
returnUrlas optional parameter to billingrequestfunction, improvedreturnUrllogic. See documentation ofreturnUrlparameter for more details. - 89cca000: Discount functionality for App Billing. Fixes #731
-
8de3c783: Removed
setCryptofunction to simplify runtimes -
2628a7fc: Add scopes validation for AuthScopes object and convert it to array. Fixes #1208, 1221
-
d028ec0f: Replace
semverwithcompare-versionslib to reduce dependency on nodejs builtin-libs -
7dcecb65: [Custom store apps only] Add new
adminApiAccessTokenparameter toconfigfor whenisCustomStoreAppistrue. If set, it will be used for API access.apiSecretKeyshould now be set to the custom store app's API secret key, which is used to validate the HMAC of webhook events received from Shopify for a custom store app. Fixes #772, #800For apps that don't receive HTTP webhook events from Shopify, no change is required yet -
apiSecretKeywill be used for client authentication as the fallback option.Starting with the next major release
adminApiAccessTokenwill be mandatory for custom store apps and must be set to the Admin API access tokenapiSecretKeywill not be used for client authentication but must be set for HMAC validation of HTTP webhook events
See setting up a custom store app for more details.
-
450c9e7f: Add deprecation notice for removal of Node 14 support from next major release
-
9c095d12: Bumps jose from 4.13.1 to 4.14.1. See jose's changelog for more details.
-
f04f0f64:
apiKeyconfiguration parameter is no longer mandatory whenisCustomStoreAppistrue. Fixes #782 -
464fd4f2: Extend support for Event topic names
-
e8966d50: Restoring REST resources for 2022-04, updates to certain resources for other API versions
-
8de6024f: [Fix] Forward original graphql error message to client
-
f09417c4: Adds check for Google's Crawler in the authorization functions to prevent
CookieNotFounderror loops. Fixes #686 -
cbffa2f6: Add trial days and replacement behavior to usage billing mutation. Fixes #770
-
5a68e4a5:
⚠️ [Breaking] Return pagination info as part of .all() requests in REST resources, and remove the[PREV|NEXT]_PAGE_INFOstatic, thread unsafe attributes. Instead of returning a plain array of objects, it will now return an object containing that array, as well as the response headers and pagination info.This enables apps to use locally-scoped pagination info, which makes it possible to use pagination in a thread-safe way.
You'll need to make 2 changes to use this version:
- Where you accessed resources from the response, you'll now access the
dataproperty. - Where you accessed pagination data from the static variables, you'll now retrieve it from the response.
const response = await shopify.rest.Product.all({ /* ... */ }); // BEFORE const products: Product[] = response; const nextPageInfo = shopify.rest.Product.NEXT_PAGE_INFO; // AFTER const products: Product[] = response.data; const nextPageInfo = response.pageInfo?.nextPage; const responseHeaders = response.headers;
- Where you accessed resources from the response, you'll now access the
-
fc2692f0:
⚠️ [Breaking] Removing deprecated code:- The
isPrivateAppparam fromshopifyApi()was removed in favour ofisCustomStoreApp. - The
isOnlineparam fromshopify.auth.callback()was removed, because it's now handled automatically.
- The
-
8acc71da: Adding support for 2023-04 API version.
⚠️ [Breaking] Removing support for 2022-04 and 2022-07 API versions. -
2096f9e4: The logger is now synchronous. This removes unnecessary
await's from functions that use the logger but functionally don't need toawaitanything else.webhooks.addHandlersis the main impacted public method (it wasasynconly because of the logging mechanism).Apps that use the default logging methods (which send to
console) will not be impacted by this change. Apps that implement their own loggers may be impacted; async logging functions can still be used but they need to be handled as promises.// BEFORE const myLogFunction = async (severity, message) => { try { await MyService.log(severity, message); // After external call } catch { // Handle error } }; // AFTER const myLogFunction = (severity, message) => { MyService.log(severity, message) .then(() => { // After external call }) .catch(() => { // Handle error }); };
- f06912d3: Bump jose from 4.11.2 to 4.13.1. See jose changelog for details.
- 89847cac: Bump @shopify/network from 1.5.1 to 3.2.1. See network changelog for details.
- 896ef0d8: Add response headers to
GraphqlQueryError. Fixes #553 - 97449f9e: validateHmac will now check for a
hmacor asignaturequery argument. Fixes #776
- [Minor] Validate HMAC timestamp during OAuth #671
- [Patch] Improve logger call on different API versions #664
- [Patch] Prevent leakage of session object with REST resources #690
- [Patch] Improve typing of
PREV_PAGE_INFOandNEXT_PAGE_INFOfor REST resources #701 - [Minor] Change
isPrivateAppconfiguration item toisCustomStoreApp, keepisPrivateAppbut with a deprecation notice, addshopify.session.customAppSessionmethod to create a session suitable for use with clients, REST resources in a store-specific custom app #710
- [Minor] Allow api version overrides #660
- [Minor] Add support for 2023-01 API version #659
- [Patch] Force
/path on session cookie #658 - [Patch] Don't ignore previous headers when beginning OAuth #652
- [Patch] Export missing client types from package #648
- [Patch] Add an info-level log of API library version and runtime environment string during initialization, to aid in troubleshooting 650
- [Patch] Add new tracking SDK headers to Storefront API client #649
- [Patch] Raise an
InvalidSessionifSession.fromPropertyArrayreceive an object that is not an array - [Patch] Validate content of host parameter using sanitizeShop regex #634
- [Patch] Use the GraphQL format of webhook topics in the error message #626
- [Patch] Export deprecation notices for v5 main interface #639
- [Patch] Fixed an issue when parsing the response body in the AssignedFulfillmentOrder REST resource #644
- [Patch] Auto-detect session type in auth callback, deprecate
isOnlineargument #628 - [Patch] Removed callback URL path check from webhook processing #629
- [Patch] Pass api version to webhook handlers #630
⚠️ [Breaking] Major overhaul ofShopify/shopify-api-node, which is a complete breaking change across all surfaces of the library. See the migration guide for instructions on how to update your app.
- [Minor] Pass webhook id to handlers #606
- Added support for the
2022-10API version #535
- Increased tolerance for expired JWT session tokens from 5s to 10s #462
- Add support for billing to the library #449
- Allow dynamically typing the body of REST and GraphQL request responses, so callers don't need to cast it #447
- Rather than create a temporary session in order to store a session id in a cookie for the OAuth transaction, we can store the
statein the cookie instead, that can then be compared against thestateprovided by Shopify in the callback. #438
- Make
sanitizeHostvalidation more flexible #446
⚠️ [Breaking] If a response from a GraphQL query contains anerrorsattribute,GraphqlClientwill now throw aGraphqlQueryError. The caller can check theerror.responseattribute to see what was returned from the GraphQL API. #431⚠️ [Breaking] Add utils functions to sanitize shops and hosts, and remove thevalidateShoputils function #434- Allow passing in options for the Redis client used by the session storage strategy #430
- Fix User-Agent header sent in PUT / POST requests #435
- Return a 401 instead of 403 when webhooks fail validation #425
- Add optional new methods
deleteSessionandfindSessionsByShoptoSessionStorage, with the corresponding implementations for the various session storage adapters #418 - Include subset of query body in API deprecation logs #426
- Add new method to construct the host app URL #419
⚠️ [Breaking] Add REST resources for July 2022 API version, addLATEST_API_VERSIONconstant, remove support and REST resources for July 2021 (2021-07) API version #415- Add support for July 2022 API version #409
- Fix a bug where the PostgreSQL session storage always attempted to create the sessions table #413
- Return instances of
Sessionfrom session storages, not POJOs.
- Store user id and expiration date of online tokens
- Properly parse a non-json HTTP response #257
- Don’t create a SQLite DB file if the SQLite storage is not used.
- Support for specifying the URI scheme of the host #385
- Add optional
savingparameter toserializeofBaseclass - default isfalseand will include read-only attributes in returned object;trueused forsavewhen committing via API to Shopify.
- Fixes #363
- Webhooks
registernow checks for any attempt to register a GDPR topic (not done via API but by Partner Dashboard), provides an error message in response - For topics that don't exist,
registerchecks the response from the initial API call for anerrorsfield and returns accordingly
- Webhooks
- Allow REST resources to configure a deny list of attributes to be excluded when saving #355
⚠️ [Breaking] Removing API version2021-04#343⚠️ [Breaking] TheHttpResponseErrorerror and its flavours (all returned from HTTP requests) have been slightly altered:- They now take in a hash of values, and will always include the response code, body (as a string if the response is not JSON), and headers
- All response fields are now contained within a
responseobject, to make it easier to access them
⚠️ [Breaking] Update supported Admin API versions #310- Allow full paths in REST requests #301
-
⚠️ [Breaking] Stop responding to the request in the GraphQL Proxy function, returning Shopify's response instead #312The examples below are in express; you will now need to handle the response yourself.
Before:
app.post('/graphql', async (req, res) => { await Shopify.Utils.graphqlProxy(req, res); });
After:
app.post('/graphql', async (req, res) => { const response = await Shopify.Utils.graphqlProxy(req, res); res.status(200).send(response.body); });
- Add support for January 2022 API version #285
- Add a 5 second
clockToleranceto fixjwt not activeerror #227 ⚠️ [Breaking] Change default for OAuth.beginAuth to online sessions #203- see oauth.md for updated docs
⚠️ [Breaking] Return and delete session invalidateAuthCallback#217- see oauth.md for updated usage
⚠️ [Breaking] ExtractaddHandlerandgetHandlermethods for webhooks out ofregister#205⚠️ [Breaking] Sessions no longer default tofalseforisOnline#169- Required
Sessionarguments must be passed to the constructor #169 - Allow
undefinedinAuthScopes#169
- Fixed the HTTP client error messages to expand objects #252
- Added
October21toApiVersion#247
- Don't include extra params when calculating local hmac #196
- Added Storefront API client under
Shopify.Clients.Storefront - Add
isActive()method toSessionclass to check if session is active, replaceSessionwithSessionInterfacewhen used as a type #153
- Added
April21toApiVersion#149
- Allow plain objects to be returned from the
loadCallbackonCustomSessionStorage#126 - Documentation and example code for
CustomSessionStorage#129
- Throw a different error for a missing cookie upon OAuth return #131
- Improved documentation for GraphQL and Rest Clients. #123
- Made Docs directory more browseable in GitHub. #136
- Make sure
CustomSessionStorageconverts theexpiresfield from a string toDate. #132 - Made
limitoptional for get-requests with query #135
- Minor text/doc changes
- Added
2021-01API version to enum. #117 - Allow retrieving offline sessions using
loadCurrentSession. #119
- Initial public release
- Added
AuthScopesvalue object to allow apps to easily check whether scopes have been updated. #110
- GraphQL Proxy attempts to parse the request body as JSON before passing it to the client. #106
- Webhooks types are now exported outside the library #91
- Added support for private apps #99
USER_AGENT_PREFIXadded to Context, to add agent to all requests #101- Add link to tutorial on how to rotate credentials if neccesary #107
- Export
withSessionutility method #96 - GraphQL Client appropriately handles queries with variables #97
- Use cryptographically random bytes to generate nonce #98
- Stop using
SameSite=nonecookies for OAuth, usinglaxinstead #100
- Fixed an issue when deleting the current session for embedded apps #88
- Add
withSessionutility method #83
- Preserve the OAuth cookie session for a few seconds so SPA can perform their initial load using it #70
- Session fetches now return
undefinedwhen a session is not available #64 - Add
deleteCurrentSessionutils method #60
- Beta release
- Test releasing scripts
- Start of Changelog