Hi everyone,
We’ve recently encountered some unexpected behavior with the Shopify App Bridge Product Picker, particularly related to how product images are handled, and we’re hoping for some guidance or clarity from the community or Shopify team.
What’s Happening:
Until now, product images returned via the Product Picker were hosted on cdn.shopify.com. However, we’ve noticed a silent shift, image URLs are now being served from a new domain:
shopify-shop-assets.storage.googleapis.com
Here’s an example of the new URL format we’re seeing:
https://shopify-shop-assets.storage.googleapis.com/s/files/.../products/...jpg?X-Goog-Algorithm=...&X-Goog-Credential=...&X-Goog-Expires=300&X-Goog-Signature=...
These URLs come with signed query parameters and an expiry timestamp (X-Goog-Expires=300), making them time-sensitive and temporary.
Issues We’re Facing:
- Content Security Policy conflicts Since the new image domain wasn’t previously allowed in our CSP, images are no longer rendering inside our embedded app without manual CSP updates.
- Increased URL size The new URLs are significantly longer than the previous ones, almost double in length. This has caused some of our bundle create/update API requests to fail with 400 Bad Request due to hitting size limits.
- Image resizing logic no longer works Previously, we relied on appending _200x200 or similar to the image URL to fetch a specific size. This no longer works with the signed URLs.
- URLs are expiring Because these are signed and time-limited, we can’t store them for later use (e.g., for pre-populating selected product images on re-editing a bundle). The links expire and become invalid.
Why This Matters:
For context, we use the Product Picker to let merchants select products for a bundle. As part of that flow, we show thumbnails of selected products for clarity and a better UX.
With these changes:
- Images don’t show in the app UI
- We can’t reliably persist product images
- API calls are failing due to long strings
What We’re Hoping to Learn:
- Is this shift to GCS-hosted, signed URLs an intentional platform-wide change?
- Are there plans to document or announce changes like this in advance?
- Is there a recommended way to get persistent, size-specific product image URLs from either App Bridge or Storefront/Admin APIs?
- Should we expect expiring image URLs to become the standard going forward?
We deeply appreciate the work Shopify is doing, and we understand that platform evolution is inevitable. We’re just hoping to better understand how to adapt cleanly and continue providing a reliable experience for merchants.
If anyone else has run into this, or found an elegant workaround, we’d love to hear your thoughts!