Question About Using Localhost Redirect URLs for Shopify OAuth

Hello,

I would like to retrieve data from Shopify via Admin GraphQL API, but I do not have my own server.

I tried the approach of using shopify app dev with Shopify CLI and Cloudflare as a tunnel, but due to network security restrictions, I was unable to proceed with that method.

As an alternative, I was able to obtain an authorization code by setting the redirect URL to localhost and manually constructing the installation URL, as described below.

My questions are:

  • Is this approach considered a valid or established method?

  • Are there any better or recommended alternatives?


Steps

  1. Create an app for integration in the Dev Dashboard.

    • Set the redirect URL to https://127.0.0.1/auth/callback

    • Set the scopes to:
      read_discounts, read_fulfillments, read_locations, read_merchant_managed_fulfillment_orders, read_orders, read_products, read_returns

  2. Set the distribution method to Custom distribution.

    • Specify the domain of the store where the app will be installed

    • Turn off “Allow multiple stores within a single Plus organization”

  3. In API access requests, request access to read all orders

  4. Create a new version of the app in the Dev Dashboard.

    • Update the scopes to:
      read_all_orders, read_discounts, read_fulfillments, read_locations, read_merchant_managed_fulfillment_orders, read_orders, read_products, read_returns
  5. Copy the custom distribution install link and open it in a browser.

  6. Confirm that the app installation screen for the target store is displayed and that the Install button is enabled.

  7. Close the screen without installing the app.

  8. Manually create an install URL that includes the redirect URL, then open it in a browser.
    Example:

    https://[shop].myshopify.com/admin/oauth/authorize
      ?client_id=[APP_CLIENT_ID]
      &scope=read_all_orders,read_discounts,read_fulfillments,read_locations,
             read_merchant_managed_fulfillment_orders,read_orders,read_products,read_returns
      &redirect_uri=https%3A%2F%2F127.0.0.1%2Fauth%2Fcallback
      &state=xyz123
    
    
  9. Confirm again that the app installation screen is displayed and that the Install button is enabled.

  10. Proceed with the installation.

  11. After installation completes, the browser is redirected to
    https://127.0.0.1/auth/callback.

    Since no server is running, the browser displays an error such as
    “Sorry, this page can’t be reached.”

    However, the address bar shows:

    https://127.0.0.1/auth/callback?code=●●&hmac=...
    
    

    The ●● value is the authorization code.
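
A check for step 11, added here as an example and not part of the original post: before the code in the pasted callback URL is exchanged for a token, confirm that `state` matches the value sent in step 8 and that `hmac` verifies. It assumes Shopify's documented callback signing (hex HMAC-SHA256, keyed with the app's client secret, over the remaining query parameters sorted and joined as `key=value` with `&`); `sign_params`, `extract_code` and all sample values are hypothetical and constructed.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: shop hostnames have the form <name>.myshopify.com.
SHOP_RE = re.compile(r"^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$")


def sign_params(params: dict, client_secret: str) -> str:
    """Hex HMAC-SHA256 over the sorted key=value pairs, excluding hmac (assumed scheme)."""
    message = "&".join(f"{k}={v}" for k, v in sorted(params.items()) if k != "hmac")
    return hmac.new(client_secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def extract_code(callback_url: str, expected_state: str, client_secret: str) -> str:
    """Return the authorization code only if the pasted callback URL checks out."""
    parts = urlsplit(callback_url)
    if (parts.scheme, parts.hostname, parts.path) != ("https", "127.0.0.1", "/auth/callback"):
        raise ValueError("not the registered redirect URL")
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        raise ValueError("duplicate query parameter")
    # state ties this callback to the install URL that was opened (CSRF check).
    if not hmac.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    # hmac shows the parameters were signed with this app's client secret.
    expected_mac = sign_params(params, client_secret)
    if not hmac.compare_digest(params.get("hmac", "").encode(), expected_mac.encode()):
        raise ValueError("hmac mismatch")
    if not SHOP_RE.fullmatch(params.get("shop", "")):
        raise ValueError("unexpected shop hostname")
    if not params.get("code"):
        raise ValueError("missing code")
    return params["code"]


# Constructed sample values; none of them are real credentials.
SAMPLE_SECRET = "constructed-client-secret"
SAMPLE_PARAMS = {"code": "constructed-code-0001", "shop": "example-store.myshopify.com",
                 "state": "Zq3v-constructed-state", "timestamp": "1700000000"}
SAMPLE_URL = ("https://127.0.0.1/auth/callback?"
              + "&".join(f"{k}={v}" for k, v in SAMPLE_PARAMS.items())
              + "&hmac=" + sign_params(SAMPLE_PARAMS, SAMPLE_SECRET))

if __name__ == "__main__":
    print(extract_code(SAMPLE_URL, "Zq3v-constructed-state", SAMPLE_SECRET))
```

In real use, `expected_state` would be a fresh random value (for example from `secrets.token_urlsafe()`) placed in the install URL in step 8 rather than a fixed string.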

Maybe this guide will be of use:
