We’re working on a Shopify integration that requires injecting a JavaScript SDK into the checkout flow. The SDK is responsible for collecting risk signals (like device fingerprinting and behavioral data) that are evaluated on an external backend to inform real-time fraud/risk decisions.
Previously, we used checkout.liquid to:
• Load our SDK when checkout started
• Collect and send client-side signals to our backend
• Use that risk score later in the flow to block or modify checkout behavior run in checkout or support our use case
We’re looking for any Shopify-supported way to:
Load a JS SDK during checkout, or at least close to it
Send signals to our backend in real-time
Act on the result during checkout (e.g., via UI Extension or Shopify Function)
Has anyone implemented something similar under the new Checkout Extensibility model?
Any best practices, approved workarounds, or examples would be hugely helpful.
Thanks!
You’ll have to wire up the individual signals to the JS SDK provided by this provider.
Checkout UI extensions do not have access to the browser window, you have to use the provided React APIs in order to access data points like buyer identity.
Practically speaking, the risk system most likely relies on more signals than what Checkout UI extensions currently provide (partially due to PCI compliance).
You won’t be able to access things like:
User agents
Browser details
Other browser APIs
The window object
In general, as a best practice I really wouldn’t recommend trying to evaluate risk before checkout anyway. It’s best to switch to manual payment processing, and make the risk decision after all of the details from the order have been captured.
Then you have a more holistic view of the risk of the transaction, you can even follow up and collect additional evidence to save the order in case of a false flag.