Securely Applying Dynamic Backend-Calculated Bundle Discounts via Functions (No Network Access?)

Hi Everyone,

I’m developing an app focusedd on creating advanced product bundles. A core feature allows merchants to set up complex pricing rules, including:

  1. Bundle Override Pricing: Setting a fixed total price for the bundle, regardless of the individual item costs.

  2. Mixed Discounts: Applying specific percentage/fixed discounts to certain items within the bundle.

  3. Free Gifts: Including specific items for free as part of the bundle.

The crucial part is that the final discount structure (which items get what price/discount) for a specific bundle instance is calculated dynamically on our app’s backend. This calculation depends on the merchant’s specific offer rules and the exact items the customer adds to their cart.

We want to use the new unified Discount Functions API (specifically targeting cart.lines.discounts.generate.run) to apply these calculated discounts correctly during checkout.

The Main Challenge: Our app needs to be available for merchants on standard Shopify plans (not just Plus/Enterprise). This means we cannot rely on network access (fetch) within the Discount Function to call our backend and retrieve the calculated discount instructions for the current cart.

What We’ve Considered:

  • Cart Attributes: Passing the calculated details or identifiers (like an internal offer ID) via cart attributes. We understand this is insecure, as attributes can be manipulated client-side, potentially allowing users to claim unintended discounts.

  • Discount Metafields (discountNode.metafield): We know these are intended for static configuration set up when the discount is created/defined. They don’t seem suitable for holding the dynamic, per-cart results calculated by our backend during the checkout process.

  • Admin API metafieldSet: Updating metafields via the Admin API isn’t feasible during the live checkout flow for every cart.

  • Multiple Combined Shopify Discounts: Attempting to replicate our bundle logic by creating many small, combinable Shopify discounts seems extremely complex to manage and unlikely to reliably achieve the exact override pricing due to Shopify’s stacking rules.

Our Question:

Given the need to apply dynamically calculated discounts (determined by our backend based on the specific cart) and the restriction of no network access in the Discount Function for standard plans, what is the recommended, secure, and viable approach?

How can we securely get the specific, pre-calculated discount instructions from our backend logic into the running Discount Function without using fetch or relying on easily manipulated cart attributes? Are there standard patterns, alternative Shopify APIs, or architectural approaches we’re overlooking for this scenario?

Thanks for any insights or suggestions!

Hi @pipolinoz !

I understand you are looking for a way to apply custom discounts for items in product bundles.

When using the Discount Function API you can query for the products in the cart as input to your function which would allow you to run your own custom logic based on the content of the cart. Regarding the “merchant’s specific offer rules”, you may use metafields on your discount functions to help configure different rules for a specific discount.

What kind of rules did you have in mind?

I might need some clarification on this. What exactly do you need to get from a network call? Can you calculate the discount(s) to apply directly in your function’s logic?

So I’ll let them split test offer pricing on different packages.

A package can include xyz products and each of them can have a different discount code, or a free gift product.

Each package is unique.

OFFER001 Package X example:

Product A → price override to $29.99
Product B → $5 fixed discount
Product C → Free Gift

So instead of passing this data through attributes for the function to consume which is easily manipulated, I’m wondering how I can run meta fields at a large scale.

Our merchants have a regular offer testing like 3-4 new offers a day. And there’s several package combinations / discounts within an offer.

Is it illegal from Shopify perspective if my app creates the cart with a static discount value on the payload that the function will use for?

For context, this isn’t a simple cart setup where we have buy y get x at specific discounts.

Let me know if a screenshot would help.

Best,

Indeed using cart attributes is not the safest approach here. You can add a metafield to your discount function to configure it any way you want. For example, a metafield could contain some json to configure how an offer should be applied like you described : apply a 5$ discount on a specific product or collection of products when present in the cart and 100% discount on another (free gift).

Then the merchant could create different offers by changing the configuration set in the metafield. This tutorial explains how to use a discount metafield. Let me know if it helps.

It all depends on the complexity of your use cases, how you implement your function and your usage of the metafield. But metafield is definitely the tool meant to implement reusable discount functions.

I’m not entirely sure what you mean here. Discounts are definitely validated before completing a checkout so if an unknown discount (i.e. a discount that doesn’t exist in the merchant’s admin) is added, the buyer won’t be able to complete the purchase.

That would definitely help visualize what you are trying to achieve.

Hi @pipolinoz

Just wanted to check if the approach advised above works for you?