Hi everyone — I’m a developer of a public app in the Shopify App Store.
Recently, when creating new Shopify stores, I’m consistently seeing two .myshopify.com domains listed under Settings > Domains in the Shopify admin:
- A branded/expected
.myshopify.comdomain (appears to be the Primary domain) - A second
.myshopify.comdomain that looks non-branded / less readable (appears to be a Redirect domain)
From Shopify’s domain documentation, I understand that Shopify supports Primary, Alias, and Redirect domains, and that changing the .myshopify.com domain can result in the previous one becoming a redirect.
Problem: Our OAuth/install flow historically keyed store identity using the primary .myshopify.com domain. For older stores, the “shop domain we receive/are redirected through” always matched the primary. But on these newer stores, the flow is now redirecting/returning using the second (redirect) .myshopify.com domain, which doesn’t contain the expected shop name. As a result, we don’t recognize the store and can’t complete authorization cleanly.
Questions:
- Is it expected that new stores have two
.myshopify.comdomains (one primary and one redirect) by default, even if the merchant hasnt manually changed domains? - Is it expected that Shopify might redirect/return OAuth through a redirect domain rather than the primary domain?
- What is the recommended approach for apps to reliably identify the store when multiple
.myshopify.comdomains can exist (primary vs redirect)?
Extra context: This is happening across multiple newly-created test stores (including stores on trial), while older stores created earlier didn’t show the same behavior, but the older stores that i have checked are not on free trial.
Thanks!