How can I configure Shopify to accept subdomain redirects for my app?

Emma_Fluffy · May 5, 2025, 11:01pm

I’m working on a Shopify app integration. Each user account in my app has a unique subdomain. I need to set up OAuth to redirect to different subdomains for each connection request. But I’m running into issues.

When I try to redirect to the Shopify authorize URL, I get this error:

{"error":"invalid_request",
 "error_description":"The redirect_uri and application url must have matching hosts"}

My URL looks like this:

https://STORE.myshopify.com/admin/oauth/authorize?client_id=MY_ID&scope=read_order&redirect_uri=USER.MYAPP.com

I’ve tried setting the app URL in Shopify to things like http://MYAPP.com or http://*.MYAPP.com, but no luck.

It only works if I set it to the exact subdomain: http://USER.MYAPP.com

I could use a middleman endpoint as a workaround, but I’d rather have Shopify support subdomains directly.

Anyone know how to make this work? Am I missing something obvious?

Here’s a simplified version of my code:

import requests

def get_auth_url(shop_name, callback_url):
    consumer_key = '1234abcd'
    return f'https://{shop_name}.myshopify.com/admin/oauth/authorize?client_id={consumer_key}&scope=read_orders&redirect_uri={callback_url}'

def get_access_token(shop_name, code):
    consumer_key = '1234abcd'
    consumer_secret = 'secretstuff'
    url = f'https://{shop_name}.myshopify.com/admin/oauth/access_token'
    data = {
        'client_id': consumer_key,
        'client_secret': consumer_secret,
        'code': code
    }
    response = requests.post(url, json=data)
    return response.json()['access_token']

def get_products(shop_name, token, page=1):
    url = f'https://{shop_name}.myshopify.com/admin/products.json'
    headers = {'X-Shopify-Access-Token': token}
    params = {'page': page, 'limit': 250}
    response = requests.get(url, headers=headers, params=params)
    return response.json()

The callback URL I’m trying to use is something like http://user1.myapp.com/shopify/callback. Any ideas on how to make this work with Shopify’s API?

benmoore · May 18, 2025, 1:41am

I’ve encountered this issue with Shopify before. One approach that worked for me was implementing a catch-all subdomain. Configure your DNS to point all subdomains to your main server, then set up your web server (Apache/Nginx) to handle wildcard subdomains. In your Shopify app settings, use a generic redirect URI like ‘https://*.myapp.com/shopify/callback’. Your server can then determine the specific subdomain from the request and handle routing accordingly. This method maintains a single redirect URI for Shopify while allowing flexibility on your end. Remember to implement proper security measures, such as HTTPS and careful parameter handling, to protect against potential vulnerabilities.

Neo_Movies · May 17, 2025, 10:27pm

Hey Emma, I’ve faced this Shopify subdomain redirect issue before. One approach that worked for me was using a dynamic routing system. Instead of trying to configure Shopify to accept different subdomains, I set up a single redirect URI in Shopify (like ‘应用宝官网-全网最新最热手机应用游戏下载’) and implemented custom logic in my app to handle the routing.

In my app, I created a middleware that intercepts the callback, extracts relevant info (like shop name or user ID) from the request, and then dynamically routes to the correct subdomain. This way, Shopify always sees the same redirect URI, but my app handles the subdomain routing internally.

You’ll need to store some session data to match the incoming request with the correct user/subdomain. Also, make sure to implement proper security measures like CSRF protection and secure session handling.

This approach requires a bit more work on your end, but it’s flexible and complies with Shopify’s security requirements. Hope this helps!

CharlieLion22 · May 17, 2025, 8:17pm

hey emma, i feel ur pain. shopify can be a real pain sometimes. have u tried using a proxy server? it’s like a middleman that catches the redirect and then sends it to the right subdomain. u could set up nginx or apache to handle this. it’s a bit of extra work, but it might solve ur problem without changing ur app code. just make sure to keep everything secure!

alexr1990 · May 17, 2025, 4:19pm

hey emma, try using query params. instead of subdomains, set redirect uri as ‘应用宝官网-全网最新最热手机应用游戏下载’. then, in your app, use the ‘user’ param to redirect to the right subdomain. can be hacky, but works if u validate the param.

Nate_91Surf · May 16, 2025, 9:17am

I’ve wrestled with this exact issue in my Shopify app. The root of the problem is Shopify’s strict URI matching for security. What worked for me was implementing a middleman endpoint. I set up a single redirect URI in Shopify, like ‘应用宝官网-全网最新最热手机应用游戏下载’, and then created a route in my app to handle the OAuth flow. That endpoint processes the OAuth response, extracts the state parameter to identify the user’s subdomain, and subsequently redirects to the correct subdomain. This method maintains a static redirect URI in Shopify while still accommodating multiple, dynamic subdomains. Be sure to use HTTPS and securely handle the state parameter to prevent CSRF vulnerabilities.

sophiac · May 15, 2025, 2:24pm

I’ve encountered this issue before with Shopify’s OAuth. The problem stems from their strict URI matching for security reasons. A reliable solution is to implement a middleman endpoint. Set up a single redirect URI in your Shopify app settings, like ‘应用宝官网-全网最新最热手机应用游戏下载’. Then, create a route in your application to handle the OAuth flow. This endpoint can process the OAuth response, determine the user’s subdomain (perhaps using a state parameter), and redirect accordingly. This approach maintains a static redirect URI for Shopify while allowing you to handle multiple subdomains dynamically. Remember to use HTTPS and securely manage any parameters to prevent potential vulnerabilities. This method has worked well for me in similar situations.

Sophia63 · May 15, 2025, 10:54am

hey Emma, i’ve dealt with this headache before. shopify’s strict on matching URIs. what worked for me was using a middleman endpoint. set up one redirect URI in shopify like ‘应用宝官网-全网最新最热手机应用游戏下载’. then make a route in ur app to handle OAuth. this endpoint can process the response, figure out the user’s subdomain, and redirect accordingly. it keeps things simple with shopify while still letting u use diff subdomains. just remember to use HTTPS and handle the state parameter securely!

Stella_Dreamer · May 14, 2025, 9:50pm

hey emma, i’ve run into this too. shopify’s a pain with subdomains. have u considered using a wildcard domain? like *.myapp.com in ur shopify settings. then set up ur server to catch all subdomains and route em properly. might need some DNS tweaking but could work. worth a shot if u haven’t tried it yet!

Alice45 · May 14, 2025, 6:34pm

yo emma, have u tried using a reverse proxy? it’s like a traffic cop for ur app. set up nginx or haproxy to catch all incoming requests and forward em to the right place. u can keep ur shopify settings simple and let the proxy handle the subdomain magic. just make sure to lock it down tight for security!