Why write this?
I’m trying to learn Rust, and building a Shopify application is an opportunity to do so. I find writing holds me accountable to actually knowing what I think I know, so selfishly it helps me enumerate everything involved in the foundation of the project.
Why read this?
Why skip this?
If you’re wanting the path of least resistance, you should use Shopify’s documentation and exactly the tools and technologies Shopify suggests in their documentation. Most of the community discussions and forum support are around these abstractions, so following the implementations in this post will lead you off on your own to an extent. It’s still eminently doable, but makes a better 2nd or 3rd app than a first app.
Also, a big caveat here is I’m just learning Rust. This will not be a tour of exemplary Rust code; it’ll be whatever I happen to be writing at the time, and I certainly haven’t even mastered the fundamentals of the language.
With all that said, let’s get to it!
- Rust: https://rustup.rs/
- SQLite: https://sqlite.org/index.html
  - No real reason to use SQLite here over anything else, just easy to set up
- A publicly accessible host, directly or via something like ngrok: https://ngrok.com/
What do we actually need to do?
This list is actually reasonably long, but it should be mostly identical for every Shopify application.
- Create Shopify resources: https://shopify.dev/apps/auth/oauth#requirements. I won’t go into how to do this at all; read the Shopify documentation, as it stands a better chance of being up to date.
  - a free developer account (partner account, in Shopify lingo) – you only need to pay the fee to be listed in the public app marketplace
  - a free development store, so you can test out your application
  - a free Shopify application
- Find somewhere publicly accessible to host the application (your machine works fine to start)
- Implement 2 OAuth APIs and associated validation
  - app URL
  - callback URL
  - nonce validation
  - HMAC validation
  - JWT validation
- Implement a landing page that verifies we cannot access the page from the public internet and we can access it with a valid Shopify JWT
- Implement mandatory GDPR webhooks: https://shopify.dev/apps/webhooks/mandatory
  - customers/data_request: Requests to view stored customer data
  - customers/redact: Requests deletion of customer data
  - shop/redact: Requests deletion of shop data
How are we going to do it?
By continuously failing in the most naive way possible until there’s nothing left to fail at! I go with this strategy because it’s typically how I learn things in a new environment. Essentially I’m going to do less than the bare minimum, discover what deficiencies exist, fix one, see if that gets me any further, then repeat. We’re slowly going to work down Shopify’s list of OAuth steps to start, then clean up the leftovers by implementing the stuff that nobody makes you do but you have to.
Step 0: Install requirements and set up Shopify stuff
I’m not going to copy/paste instructions on how to install Rust or SQLite as they’re both well documented – ensure you have that done, then continue.
To do anything, you’ll need a partner account, and to test out our work you’ll need a development store.
With the development environment requirements installed and Shopify accounts set up, you’re ready to go!