Shopify, Amazon & TikTok Shop
Connect your e-commerce channels so online orders earn loyalty. Shopify syncs products and awards points on orders automatically; Amazon and TikTok Shop let members earn points for orders we verify against the marketplace — never the shopper's word. You configure all three in the app under Settings → Online Shop.
Three channels, one place
All three live on the Settings → Online Shop page as a single tabbed card. Shopify is a full sync (products + automatic order points). Amazon and TikTok Shop are verified-order channels: a member self-reports their order number in the portal and the platform fetches the authoritative order from the seller-authorized API before awarding points. Buyer PII is never persisted.
Shopify
Sync products into campaigns and earn loyalty points on orders automatically. Connect with a store domain + Admin API access token.
MarketplaceAmazon
Members earn points for their verified Amazon orders — checked against Amazon SP-API with your seller credentials, never the shopper's word.
MarketplaceTikTok Shop
Members earn points for their verified TikTok Shop orders — checked against the TikTok Shop Partner API. Same verify-don't-trust model as Amazon.
Shopify
Connect your Shopify store to bring product data into your campaigns and turn fulfilled orders into loyalty points — no code, just a store domain and an Admin API access token.
1 · Create an Admin API access token in Shopify
In your Shopify Admin go to Settings → Apps and sales channels → Develop apps → create an app, grant it read_products and read_orders (add write scopes only if you need them), and install it to reveal the Admin API access token (shpat_…).
2 · Connect the store in SocialHub
In the app, Settings → Online Shop → Online Shop tab. Enter your store domain (my-store.myshopify.com) and the Admin API access token. The token is verified against your store before saving and encrypted (AES-256-GCM) at rest — never logged or shown again.
3 · Sync & earn
Hit Sync Now to pull your product catalog for campaigns. From then on, fulfilled orders award loyalty points automatically (same formula as receipts), and first / repeat purchases fire the post-purchase automation events.
// What the platform exposes for the Online Shop connection:
POST /api/shopify/connect { "shopDomain": "my-store.myshopify.com", "accessToken": "shpat_…" }
GET /api/shopify/status // → { connected, shopDomain, status, lastSyncedAt, productCount, apiVersion }
POST /api/shopify/sync // pull products now
POST /api/shopify/disconnect // remove the connection + synced product data
//
// Orders: SocialHub receives Shopify order webhooks (order.fulfilled) and awards points
// keyed by the order id — idempotent, so a replayed webhook never double-awards.
// Connecting an Online Shop requires the Omnichannel plan.Amazon
Let members earn points for their verified Amazon orders. You authorize an Amazon SP-API app (Login with Amazon) on your Seller Central account; the platform uses those credentials to fetch each self-reported order and award points only if the order is real. Set it up under Settings → Online Shop → Amazon(team admins & system admins).
Connection settings
Secrets (encrypted at rest · write-only)
Save & Verify runs a live liveness check against SP-API and lists the marketplaces it can see. The LWA refresh token does not rotate — re-verify any time from the connection row.
TikTok Shop
Same verify-don't-trust model as Amazon, against the TikTok Shop Partner API. You authorize a TikTok Shop Partner app on your shop to get an App Key / App Secret and a refresh token. Set it up under Settings → Online Shop → TikTok Shop(team admins & system admins).
Connection settings
Secrets (encrypted at rest · write-only)
Leave Shop Cipher blank — Save & Verify discovers it from your authorized shop. TikTok rotates the refresh token on every refresh; the platform serializes and persists the rotation so concurrent jobs never invalidate each other.
// Marketplace credentials (Amazon / TikTok Shop) are saved + liveness-checked here.
// Open to team admins (org_owner / org_admin) and system admins; tenant-isolated —
// an admin can only ever read/write their OWN team's channels.
POST /api/admin/channels { teamId, kind: "amazon" | "tiktok", name, config, secrets }
POST /api/admin/channels/{id}/ping // re-verify the connection (discovers shop refs / cipher)
//
// Secrets (refresh_token, client_secret, app_secret, …) are AES-GCM encrypted the
// instant they arrive — write-only, never returned, never logged.How credentials are kept safe
Encrypted at rest
Every secret (access token, refresh token, client/app secret) is AES-GCM encrypted the instant it arrives. Secrets are write-only — never returned to the browser, never written to logs or emails.
Tenant-isolated
Channel credentials are bound to one team. Team admins (org_owner / org_admin) and system admins manage them, and can only ever read or write their own team's connections.
Verify, don't trust
For Amazon & TikTok Shop, points are awarded only for orders the platform fetched from the seller-authorized API. Buyer PII is match-then-discard and never persisted into the order record.
Idempotent earning
Shopify order webhooks and marketplace order numbers are keyed by order id, so a replay or a duplicate submission never awards points twice.
Related: REST API · POS · OMS · ERP · Member Portal Embed
Connecting a sales channel?
Talk to an engineer about Shopify scopes, SP-API authorization, TikTok Shop Partner apps, or how verified-order points work.
Talk to engineering