Scheduled Proxy Requests

Hello Guys,

I am currently developing an Custom App that should run several operations. Included in these Operations is a user matching service to check wether user related data we store in a dbs can be related to an actual shopify user.
This operation should run scheduled and be triggered by a proxy request to handle proxy authentication to interact with Shopify for the according store.

Is there any way to run scheduled requests over the proxy to be able to authenticate?

I already tried with Shopify Flow but this does not work since the /apps/appName path is not accessible from Flow.

You may want to move this out of Flow so that you get more eyes on it

Hey @Tim_Dehler :waving_hand: - generally, the App Proxy is used for instances where users trigger certain actions on a shop’s storefront frontend back to your app’s server.

There’s not a supported way to do this currently since for the most part, App Proxies are essentially just requests to Shopify links, which are then redirected to external links (with added information related to the specific shop/user session for validation)

Since the request trigger “lives” on the frontend of the user’s browser through Shopify, it’s not recommended to rely on that functionality for scheduling within the proxy itself.

If you needed data from the user’s session on the shop via the proxy, you could take that data in when you receive the GET request from the proxy to your server and use that to trigger something server side, but you can’t trigger the scheduling itself from within the proxy since the way the Proxy will work will depend on the user’s session.

For your user matching service, what kind of data were you looking for? Were you just needing to confirm if certain users are logged in, etc? Just wondering what your use case is - happy to look into this with you for sure!

Hi @Alan_G, thanks for reaching out.

The idea is to handle two problems at once. I do not want to store an admin api token in my app therefore I wanted to authenticate using the request send over the proxy to have a admin object which I can use graphql function on.
I want something outside my app to send a request every day and trigger the process of matching users with that. I am currently hosting the app on fly.io which runs on AWS Lambda I suppose and therefore does not necessarily support Cron Jobs.
Even if Cron Jobs worked I would still have the issue of having to store the Token in my app. I would also need a security layer then, since the request could be send from anyone if I do not authenticate.

Best regards,
Tim

Hey @Tim_Dehler :waving_hand: - thanks for clarifying!

Could you share a bit more about what your user matching process involves specifically? What kind of user data are you trying to match, and what types of GraphQL operations would you need to perform once authenticated?

Just to clarify as well - would you be passing the admin token via the proxy? Generally, this wouldn’t be supported since the proxy itself just passes Shopify URLs over to your redirected external processes (which would handle the admin API side of things). Hope to hear from you soon.

Hey @Alan_G, sure I will try to give more insights.

To access the admin we are currently using either this:
const { admin } = await authenticate.public.appProxy(request) (storefront request)
or
const { admin } = await authenticate.admin(request); (app-admin request)

to authenticate and obtain a admin object which we can use to access the admin.

For the user matching service to make it as simple as possible just think of a list of emails which we have in the database and we need to find the according user over the graphql api via the email to retreive the shopify customer gid.

This is working if triggered manually from the shop or the admin via a button or else. But I am searching for a way to schedule calls to the app which can be authenticated with the authenticate function. Normally I would go with Shopify Flow since it can be scheduled but the flow requests cant be used to authenticate and therefore no connection to the admin.

Hope this represents my issue more clearly,
Best regards!

Thanks for clarifying @Tim_Dehler

You mentioned that you were seeing authentication issues with Flow?

I’m curious/want to confirm, what specific experiences or types of Flow requests were you encountering that limitation?

My understanding is that when Flow executes—especially using its native actions like “Send GraphQL query”—it can run within an authenticated context (for the Admin API).

The workflow inherits the necessary permissions from the Flow app and the shop it’s installed on, allowing it to make authenticated Admin API calls without you needing to manually pass or manage tokens for that Flow (more info here).

I think Flow should work for you here. Just sharing a possible workflow set up

  1. Trigger: Use Flow’s built-in “Scheduled time” trigger to kick off your process daily (or at any interval you need).

  2. Get Emails: Your Flow can then make an “HTTP request” action to your fly.io app to fetch the list of emails you need to match. (Just wondering if this is where you were seeing the authentication issue - my understanding is that this should work if you provide an endpoint that’s accessible)

  3. Loop: Flow can iterate through this list of emails one by one.

  4. Match User: For each email, use Flow’s “Send GraphQL query” action. You’ll provide the query to find a customer by email and retrieve their id (the GID). Flow handles the authentication to the Admin API for this call.

  5. Store Result: The GID (and any other customer data you fetched) is then available in Flow. You can use another “HTTP request” action to send this email-GID pair back to an endpoint on your fly.io app to store in your database.

Let me know if this aligns with what you’ve seen or if there were specific hurdles with Flow authentication you encountered (like the Send HTTP request - just wondering if that’s where the issue is popping up?). Happy to dive deeper :slight_smile:

Hi @Alan_G, nice idea which I will take a look into if this is sufficient.

But I think you did not quite get my initial Idea. The idea was that flow just serves as the trigger:

  1. Scheduled Trigger on flow
  2. Http Request from flow to the fly-app
  3. Fly-App authenticates with this request and executes queries on the admin to match the users

Hope that helps to understand our use case more deeply, as I want to avoid sending customer related data in big bulks to prevent interception leaks.

Ah - thanks for clarifying again there @Tim_Dehler - I get where you’re coming from now. Flow should be able to send over authenticated requests using HTTP still. I’m not sure how Fly handles authentication, but if it follows standard key/value pairs in the request headers for authentication keys/access tokens, this should work: https://help.shopify.com/en/manual/shopify-flow/reference/actions/send-http-request

Once you receive the Flow trigger in your Fly app, as long as your Fly app is then also using the correctly authenticated Shopify Auth token for a specific shop, it could then carry out GraphQL Admin queries/actions if needed.

Hope this helps - it does seem feasible to me to keep using Flow here if you wanted to go that route.