Integration
Growcita + Shopify
The Growth Marketer, Paid Media, CRO, and Creative agents connect directly to Shopify via the Partner OAuth flow so they can read your product catalog, orders, and customers, and execute approved write actions like price updates, inventory adjustments, and discount codes — all under the autonomy level and guardrails you configure.
What the integration does
Once you install the Growcita app on your Shopify store, the agents use the Shopify Admin API to power these features:
- Catalog and order reporting: Read products, variants, collections, orders, and customers so the agents can build dashboards, identify bestsellers, and tie ad spend to actual revenue.
- Product price updates: Apply approved per-variant price changes. Bulk price mutations are intentionally not exposed via this integration — that work requires a dedicated migration through the Shopify admin.
- Inventory adjustments: Set the available inventory at a specific location using absolute-value updates so the final state is explicit (no accidental over-sells from delta math).
- Discount codes: Create price rules and discount codes for approved campaigns. Discount creation always requires explicit human approval via Growcita's approval gate.
- Product webhooks: Subscribe to product create / update / delete events so the connected catalog dashboards and ad-feed-syncing tools stay in sync with your store.
New products are always created as draft. Bulk CSV operations validate the file end-to-end before submitting to Shopify. Every write passes through the approval and guardrail layers before reaching the Admin API.
Data we read
- · Shop metadata (name, domain, currency, plan)
- · Products, variants, collections, and metadata
- · Orders, line items, fulfillment status, totals
- · Customers and order history
- · Price rules and discount codes
- · Inventory levels at each location
Data we write
- · Update a single variant's price
- · Set inventory level at a specific location
- · Create price rules and discount codes (approval required)
- · Subscribe to product create / update / delete webhooks
Bulk price mutations across the catalog are intentionally not exposed. New products created via Growcita land as draft, never live, so a runaway agent cannot accidentally publish a half-built listing.
OAuth scopes we request
When you install the Growcita app on your Shopify store, Shopify shows you the exact list of scopes we've declared and asks for your explicit consent. The default scopes are listed below; the set installed on your store is shown verbatim in the Shopify install dialog.
| Scope | Why we need it |
|---|---|
| read_products | Read products, variants, collections, and metafields for catalog dashboards, ad-feed syncing, and content generation. |
| read_orders | Read orders, line items, and totals so the Growth Marketer and CRO agents can tie ad spend to actual revenue. |
| read_customers | Read customer records to power lifetime-value analysis and audience suggestions for paid campaigns. |
| read_price_rules | Read existing price rules so the agent can avoid duplicate discount codes and reason about active promotions. |
When write features are enabled for your account, the install dialog will also include the corresponding write_* scopes (e.g. write_products, write_inventory, write_price_rules) so you see the exact permissions before you approve them.
Shopify Partner Program commitment
Growcita's handling of Shopify merchant data adheres to the Shopify API License and Terms of Use and the Shopify Partner Program Agreement.
- HMAC-verified callbacks. Every install and callback request is HMAC-verified against your Shopify app secret before any credential is stored. Forged callbacks are rejected.
- No selling merchant data. We do not sell, license, or share Shopify merchant data with data brokers, advertising networks, or unrelated third parties.
- No generalized model training. We do not use Shopify data to train generalized AI models. Only per-session agent invocations see your data, and only for the task you initiated.
- No bulk catalog overwrites. Bulk price and product mutations are intentionally out of scope. Discount creation requires explicit human approval. The agent cannot wipe or rewrite your catalog.
- Retention. When you uninstall the app, the access token is invalidated by Shopify and removed from our database within 24 hours. Cached data is deleted within 30 days on request.
How we secure your data
- Encrypted tokens. Shopify access tokens are stored in our Supabase Postgres database encrypted at rest. The token is unique per shop and only accessible to the workers processing that merchant's tasks.
- Per-shop scope. Each Shopify install is a distinct connection — the token from shop A is never readable while processing shop B. Multi-shop installs are explicitly supported and isolated.
- TLS in transit. All requests to the Shopify Admin API and between Growcita services use TLS 1.2 or higher.
- Reinstall on 401. Shopify tokens don't expire silently — if a merchant uninstalls, the next API call returns 401 and Growcita surfaces a clear “reinstall required” banner. We never fabricate a success on auth failure.
- Audit log on every write. Every Shopify write is recorded in our internal
tool_executionstable with the tool name, input size, duration, and outcome.
Uninstall at any time
You can uninstall Growcita from your Shopify store instantly:
- 1. In your Shopify admin, go to Settings → Apps and sales channels
- 2. Find “Growcita” and click Uninstall
- 3. Shopify revokes the access token immediately and notifies us via the mandatory uninstall webhook
Delete stored Shopify data
Uninstalling removes the access token within 24 hours. Growcita also implements the mandatory Shopify GDPR webhooks (customers/data_request, customers/redact, shop/redact). To delete cached performance data and dashboards as well, follow the Data Deletion Instructions or email privacy@growcita.com. Requests are processed within 30 days.
Independent third party
Growcita is an independent third-party application built on the Shopify Admin API. We are not affiliated with, endorsed by, or sponsored by Shopify Inc. “Shopify” is a registered trademark of Shopify Inc.
Ready to connect?
Sign in to Growcita and install the app on your Shopify store. You control which scopes are granted and can uninstall instantly from your Shopify admin.