@anton.andrusenko/shopify-mcp-admin 2.0.3 → 2.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -7
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -100,6 +100,8 @@ SHOPIFY_CLIENT_SECRET=xxxxx
|
|
|
100
100
|
|
|
101
101
|
Tokens are automatically refreshed every 24 hours.
|
|
102
102
|
|
|
103
|
+
> **Remote mode note (multi-tenant):** Shops connected via OAuth now support **expiring offline tokens with automatic refresh** (Shopify Dec 2025 refresh tokens). See `docs/TOKEN-REFRESH-IMPLEMENTATION.md`.
|
|
104
|
+
|
|
103
105
|
### Which Should I Use?
|
|
104
106
|
|
|
105
107
|
| Scenario | Method |
|
|
@@ -129,7 +131,7 @@ Tokens are automatically refreshed every 24 hours.
|
|
|
129
131
|
| `LOG_LEVEL` | No | `info` | Log level: `debug`, `info`, `warn`, `error` |
|
|
130
132
|
| `SHOPIFY_MCP_LAZY_LOADING` | No | `false` | Enable modular lazy loading (set to `true` for on-demand module loading) |
|
|
131
133
|
| `SHOPIFY_MCP_ROLE` | No | — | Role preset for automatic module loading (see [Role Presets](#-role-presets)) |
|
|
132
|
-
| `ALLOWED_HOSTS` | ✅ (remote mode) | — | Comma-separated list of allowed hostnames (e.g., `shopify-mcp.com
|
|
134
|
+
| `ALLOWED_HOSTS` | ✅ (remote mode) | — | Comma-separated list of allowed hostnames (e.g., `shopify-mcp.com`) |
|
|
133
135
|
| `ALLOWED_ORIGINS` | ✅ (remote mode) | — | Comma-separated list of allowed CORS origins (e.g., `https://shopify-mcp.com`) |
|
|
134
136
|
| `METRICS_ENDPOINT_ENABLED` | No | `false` | Enable Prometheus metrics endpoint at `/metrics` |
|
|
135
137
|
| `ENABLE_HSTS` | No | `false` | Enable HTTP Strict Transport Security headers |
|
|
@@ -1316,6 +1318,14 @@ SERVER_MODE=remote npm start
|
|
|
1316
1318
|
- **Forms:** React Hook Form + Zod validation
|
|
1317
1319
|
- **Auth:** Session cookies with automatic expiry handling
|
|
1318
1320
|
|
|
1321
|
+
### Shopify Token Refresh (Remote Mode)
|
|
1322
|
+
|
|
1323
|
+
When shops are connected via OAuth in remote mode, the server stores **expiring offline tokens** (access + refresh token) and refreshes access tokens automatically before they expire.
|
|
1324
|
+
|
|
1325
|
+
- **Legacy compatibility:** Existing non-expiring tokens continue to work; shops upgrade to refreshable tokens on reconnect.
|
|
1326
|
+
- **DB migration required:** Ensure Prisma migrations are deployed in production before rolling out the server.
|
|
1327
|
+
- **Details:** See `docs/TOKEN-REFRESH-IMPLEMENTATION.md`.
|
|
1328
|
+
|
|
1319
1329
|
---
|
|
1320
1330
|
|
|
1321
1331
|
## 🤝 Contributing
|
|
@@ -1415,12 +1425,6 @@ The production service is available at:
|
|
|
1415
1425
|
- **Metrics:** `https://shopify-mcp.com/metrics`
|
|
1416
1426
|
- **MCP Endpoint:** `https://shopify-mcp.com/mcp`
|
|
1417
1427
|
|
|
1418
|
-
**API Subdomain:**
|
|
1419
|
-
- **Dashboard:** `https://api.shopify-mcp.com/app`
|
|
1420
|
-
- **Health Check:** `https://api.shopify-mcp.com/health`
|
|
1421
|
-
- **Metrics:** `https://api.shopify-mcp.com/metrics`
|
|
1422
|
-
- **MCP Endpoint:** `https://api.shopify-mcp.com/mcp`
|
|
1423
|
-
|
|
1424
1428
|
**Available Endpoints:**
|
|
1425
1429
|
|
|
1426
1430
|
| Endpoint | Description | Authentication |
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@anton.andrusenko/shopify-mcp-admin",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.1.1",
|
|
4
4
|
"description": "MCP server for Shopify Admin API - enables AI agents to manage Shopify stores with 79 tools for products, inventory, collections, content, SEO, metafields, markets & translations",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|