SaaS Security
Onboard a Shopify App to SSPM
Connect a Shopify instance to SSPM to detect posture risks.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Shopify instance, you must onboard your
Shopify instance to SSPM. Through the onboarding process, SSPM connects to a Shopify
API by using an API token that you generate from the Shopify admin page. To ensure
the token has access to only the scopes SSPM needs, you will create a custom app.
You will generate the scope-restricted API token through this custom app. After
connecting to the Shopify API, SSPM scans your Shopify store for misconfigured
settings and account risks.
By following these steps, you onboard only one Shopify
store. If you want SSPM to perform scans for multiple stores, you can onboard each
store separately.
The supported Shopify account plan for SSPM scans is the Shopify Plus plan.
To access your Shopify instance, SSPM requires the following information, which you
will specify during the onboarding process.
| Item | Description |
|---|---|
| API Token | A unique, alphanumeric string that Shopify generates for a Shopify custom app that you create. SSPM will use the API token to authenticate to the Shopify API. The API token gives SSPM access to the scopes specified in the Shopify custom app. |
| Store Name | A unique, permanent identifier assigned to your store on the Shopify platform. It is derived from the permanent, default URL that Shopify assigned to the store. The default URL has the following format: <store-name>.myshopify.com. |
To onboard your Shopify instance, you complete the following actions:
- Identify the Shopify account that you will use to create the custom app through which you will generate an API token.
  Required Permissions: To create the custom app and generate the API key, the account must be assigned to the Organization Owner role.
- Generate and copy an API key for your Shopify store.
  - Open a web browser to the Shopify login page and log in to the Shopify store that you want SSPM to scan.
  - Navigate to your store settings. To navigate to your store settings, click Settings in the lower-left corner of the page.
  - From the left navigation pane of the settings page, select Apps and sales channels.
  - On the Apps and sales channels page, click Develop apps.
  - On the App development page, click Create app.
  - In the Create an app dialog, specify a name for your app and Create app.
    Shopify displays a tabbed configuration page for your new app.
  - On the Configuration tab for your app, complete the following steps to identify the API scopes that SSPM will be able to access:
    - Configure the Admin API Integration settings.
    - In the Admin API Integration settings, select the following scopes:
      - read_apps
      - read_privacy_settings

      Your app will also require access to the read_users scope. However, due to this scope's sensitive nature, it is restricted and, by default, is not available for selection on the Admin API Integration page. In a later step of these instructions, you will contact Shopify Plus Support to request access to this scope.
    - Save the Admin API Integration settings.
  - On the API credentials tab for your app, click Install app.
  - In the confirmation dialog, verify that you want to Install the app.
  - Contact Shopify Plus Support to request access to the read_users scope for your app.
    Because the read_users scope will give your app access to sensitive user information, the read_users scope isn’t enabled by default.
    - Locate your store's brand name (by default, My Store) in the upper-right corner of the page and select <brand-name> Shopify Plus Support.
    - Select Chat with us, and ask the support person to enable the read_users scope for your application.
      It can take a few minutes to an hour for Shopify Plus Support to enable the scope for your app.
  - After Shopify Plus Support has enabled the read_users scope, add the scope to your app.
    - On the Configuration tab for your app, Edit the Admin API Integration settings.
    - In the Admin API Integration settings, select the read_users scope.
    - Save the Admin API Integration settings.
  - On the API credentials tab for your app, click Reveal token once to display the API token for your app.
  - Copy the API token and paste it into a text file.
    Don’t continue to the next step unless you have copied the API token. You must provide this API token to SSPM during the onboarding process.
- Identify your store name.
  Your store name is the subdomain of the URL that Shopify assigned to the store when you created the store. The default URL has the format <store-name>.myshopify.com.
  - Navigate to your store settings. To navigate to your store settings, click Settings in the lower-left corner of the page.
  - From the left navigation pane of the settings page, locate your store name in the default URL for your store.
- Connect SSPM to your Shopify instance.
  In SSPM, complete the following steps to enable SSPM to connect to your Shopify instance.
  - Log in to Strata Cloud Manager.
  - Select Configuration > SaaS Security > Posture Security > Applications > Add Application and click the Shopify tile.
  - On the Posture Security tab, Add New instance.
  - Log in with Credentials.
  - Enter your API Token and Store Name.
  - Connect.
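
Before you enter the API token in SSPM, you can confirm that it carries exactly the three scopes selected in the steps above and nothing more. The following Python script is an added example, not part of the product documentation. It assumes Shopify's Admin API `access_scopes.json` endpoint and `X-Shopify-Access-Token` header; the environment variable names, the store-name pattern, and the sample response are constructed for illustration.

```python
import json
import os
import re
import urllib.request

# Scopes this page tells you to grant to the custom app.
REQUIRED_SCOPES = {"read_apps", "read_privacy_settings", "read_users"}

def store_name_from_url(url):
    """Extract <store-name> from the default <store-name>.myshopify.com URL."""
    host = re.sub(r"^https?://", "", url.strip().lower()).split("/")[0]
    # Assumed pattern: lowercase letters, digits and hyphens.
    m = re.fullmatch(r"([a-z0-9][a-z0-9-]*)\.myshopify\.com", host)
    if not m:
        raise ValueError("not a default myshopify.com URL: %r" % url)
    return m.group(1)

def audit_scopes(response_body):
    """Compare the scopes in an access_scopes.json body with REQUIRED_SCOPES."""
    granted = {s["handle"] for s in json.loads(response_body)["access_scopes"]}
    return {
        "missing": sorted(REQUIRED_SCOPES - granted),  # SSPM scan would be incomplete
        "excess": sorted(granted - REQUIRED_SCOPES),   # token is over-privileged
        "ok": granted == REQUIRED_SCOPES,
    }

def fetch_scopes(store_name, token):
    """Ask Shopify which scopes the token holds (live call, skipped in the demo)."""
    req = urllib.request.Request(
        "https://%s.myshopify.com/admin/oauth/access_scopes.json" % store_name,
        headers={"X-Shopify-Access-Token": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

# Constructed sample: read_users not yet enabled, and one scope too many.
SAMPLE_BODY = json.dumps({"access_scopes": [
    {"handle": "read_apps"},
    {"handle": "read_privacy_settings"},
    {"handle": "read_orders"},
]})

if __name__ == "__main__":
    token = os.environ.get("SHOPIFY_API_TOKEN")  # assumed variable name
    url = os.environ.get("SHOPIFY_STORE_URL")    # assumed variable name
    if token and url:
        body = fetch_scopes(store_name_from_url(url), token)
    else:
        body = SAMPLE_BODY
    print(audit_scopes(body))  # the token itself is never printed
```

A non-empty "excess" list means the custom app was granted more than SSPM needs; remove those scopes on the Configuration tab before onboarding.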