Supporting Multiple Users
When you register your app in the Developer Portal (opens in a new tab), you'll have the option of enabling Multiple Users. This allows store administrators to manually authorize users to load the app. This article describes how enabling Multiple Users impacts the app's user experience in the control panel, and discusses important implications for app developers to consider before enabling the feature.
Enabling Multiple Users in Developer Portal (opens in a new tab) affects the control panel on any store your that has installed your app. If you already have an app published in the Marketplace (opens in a new tab), be aware that this setting takes effect immediately. We recommend testing Multiple Users using a separate app that is in draft status.
Let store owners know you've enabled this feature. Otherwise, they won't know they can grant access to users.
If Multiple Users is enabled after your app has launched, the update will cause the app scopes to change and users will be alerted of the new permission request.
Store owners will be able to adjust user permissions to grant or deny the store's other users access to your app. The next time the user logs in, they will see any apps they've received permission to access. Users can then click the app icon in the left nav to load it.
Use your draft app and your sandbox store to review this behavior.
Apps with Multiple Users enabled can expect the
ID of the user that initiated the callback in addition to the owner's
ID in the JSON object sent in the
load request. If a
load request is sent with information for a user you haven't seen, provision the user account and associate it with the store in your database.
Because you know the store owner's
ID from the app installation sequence, your app can distinguish store owners from other users. This allows you to provide different user experiences based on the information in the load request. Here is a summary of the two types of users:
- Store owner: Can
- Users: Cannot
uninstallapps. Users are permitted only to
loadthe apps that a store owner authorized.
Store owners can also remove users. This action generates a
GET request to the remove user callback URL that you provided in the Developer Portal (opens in a new tab). When this occurs, your app should remove the user identified in the request from it's records.
For details about remove user and load requests, see Single-click App Callbacks.
- Node / React / Next.js (opens in a new tab)
- Python / Flask (opens in a new tab)
- PHP / Silex (opens in a new tab)
- Ruby / Sinatra (opens in a new tab)
- Laravel / React (opens in a new tab)
- Node / FaunaDB / Netlify (opens in a new tab)
- Node API Client (opens in a new tab)
- Python API Client (opens in a new tab)
- PHP API Client (opens in a new tab)
- Ruby API Client (opens in a new tab)
- Ruby OmniAuth Gem (opens in a new tab)
- Big Design Developer Playground (opens in a new tab)
- Figma UI Kit (opens in a new tab)
- Adobe Illustrator UI Kit (opens in a new tab)