Shopify App Integration
Add CAIRL hosted verification to Shopify storefront or checkout flows.
Overview
Use CAIRL with Shopify when a merchant needs age, identity, document freshness, or uniqueness claims before allowing a gated action. CAIRL stays outside the merchant's raw identity-data path: the shopper verifies with CAIRL, consents to share claims, and the app stores only the claim result it needs.
Shopify supports storefront app proxies for dynamic storefront routes and checkout app extensions for checkout experiences. Use the least invasive entry point that matches the merchant's gated action.
Recommended patterns
| Merchant need | Shopify surface | CAIRL pattern |
|---|---|---|
| Age gate before viewing a product or collection | Storefront app proxy | Redirect to CAIRL before rendering gated content |
| Verify before account approval or community access | App backend + customer account flow | Store `sub` and approved claims on the merchant-side app record |
| Verify during checkout | Checkout UI extension, where available for the store | Start hosted verification before the merchant accepts the order |
| Post-purchase verification for fulfillment review | Order status or app backend workflow | Request claims only when the fulfillment rule requires them |
Shopify Plus availability can affect checkout extension placement. If a merchant is not eligible for the checkout extension target you want, use the storefront or account flow instead.
OAuth flow
- The Shopify app decides that a shopper needs verification.
- The app creates `state`, `code_verifier`, and `code_challenge`.
- The app redirects the shopper to `https://cairl.app/verify/start`.
- CAIRL returns the shopper to the app callback with `code` and `state`.
- The app validates `state`, exchanges the code server-to-server, and reads verified claims from `/api/oauth/userinfo`.
- The app stores only the approved claim result and the CAIRL `sub` needed for future checks.
Use the Quickstart for copy-paste cURL, Node, and Python examples.
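The request-creation, redirect, and callback `state` validation parts of the flow above, as an added Node.js example that is not CAIRL's or Shopify's own code. Query parameter names other than `state` and `code_challenge` are assumed to follow the standard RFC 6749 / RFC 7636 names; the session shape, the 10-minute lifetime, and the `clientId` / `redirectUri` values are also assumptions.

```javascript
// Added example, not CAIRL or Shopify code. Parameter names other than `state`
// and `code_challenge` are assumed to follow RFC 6749 / RFC 7636.
const crypto = require('node:crypto');

const AUTHORIZE_URL = 'https://cairl.app/verify/start'; // from the page
const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending request

const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// PKCE S256: code_challenge = BASE64URL(SHA-256(code_verifier)).
function challengeFor(codeVerifier) {
  return b64url(crypto.createHash('sha256').update(codeVerifier, 'ascii').digest());
}

// Create state, code_verifier and code_challenge; keep this object server-side.
function createVerificationRequest(now = Date.now()) {
  const state = b64url(crypto.randomBytes(32));
  const codeVerifier = b64url(crypto.randomBytes(32)); // 43 chars
  return { state, codeVerifier, codeChallenge: challengeFor(codeVerifier),
           expiresAt: now + STATE_TTL_MS };
}

// Build the redirect; clientId and redirectUri are caller-supplied placeholders.
function buildRedirectUrl(req, clientId, redirectUri) {
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri,
    state: req.state, code_challenge: req.codeChallenge,
    code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Validate the callback before any code exchange. session.pending (hypothetical
// session shape) is consumed on first use, so a replayed callback fails.
function validateCallback(session, query, now = Date.now()) {
  const pending = session.pending;
  delete session.pending;
  if (!pending || typeof query.state !== 'string' || typeof query.code !== 'string') return null;
  if (now > pending.expiresAt) return null;
  const a = Buffer.from(pending.state);
  const b = Buffer.from(query.state);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return { code: query.code, codeVerifier: pending.codeVerifier };
}
```

A `null` result from `validateCallback` means the callback is rejected and no code exchange is attempted; on success the returned `codeVerifier` is sent with the server-to-server exchange.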
App proxy callback shape
A storefront app proxy can route a merchant storefront URL to your app backend. For example, a merchant-facing route such as `https://shop.example/apps/cairl/verify` can proxy to your app, which then starts the CAIRL OAuth flow. Keep CAIRL OAuth callbacks on your app's own registered callback URL, not on a customer-edited Shopify proxy path.
Data handling
- Store the CAIRL `sub` and the minimal verified claims required by the merchant rule.
- Do not store document images, face captures, raw dates of birth, or raw address data unless a separate CAIRL contract explicitly allows it.
- Re-check claims when the merchant requires freshness, such as annual age or document-status recertification.
- Log claim decisions with enough context to debug a merchant dispute without replaying raw identity data.