<aside> 💡
I created this to structure my understanding of Shopify’s surface areas and how incidents manifest across them.
This page reflects a self-initiated audit of Shopify’s potential incident surfaces to understand how detection might work for non-engineering responders.
</aside>
| Level 1 | Level 2 | Level 3 | Level 4 | Level 5 |
|---|---|---|---|---|
| Account | ||||
| Account tier | ||||
| Basic | ||||
| Grow | ||||
| Advanced | ||||
| Plus | ||||
| Enterprice | ||||
| Starter | ||||
| Retail | ||||
| Onboarding flows | ||||
| Authorization flow | ||||
| Shopify Markets Pr | ||||
| Shopify Capital | ||||
| Admin | ||||
| Shopify Balance | ||||
| Shopify Credit | ||||
| Shopify Capital | ||||
| Shopify Bill Pay | ||||
| Admin UI Performance (page load, navigation speed) | ||||
| Markets / Multi-entity support | ||||
| Shopify Flow & automation tools | ||||
| Settings panels (domains, taxes, shipping, analytics) | ||||
| Tax Services /Shopify Tax. | ||||
| Shipping Labels / Shopify Shipping | ||||
| Domain & SSL setup? | ||||
| Migration Tools | ||||
| Admin SDK | ||||
| Checkout | ||||
| Checkout UI (payment steps, shipping rates) | ||||
| Shopify Payments (Local currencies, installments, fraud protection) | ||||
| Third-party Payment Gateways (Google Pay, Apple Pay, USDC crypto, Klarna, etc. ) 🚨 100 providers | https://www.shopify.com/ie/payment-gateways | |||
| Checkout Extensions (post-purchase, discount apps) | ||||
| Reports and Dashboards (Business analytics view) | ||||
| Web performance reports | ||||
| New analytics & benchmarks | ||||
| ShopifyQL segment editor | ||||
| Storefront | ||||
| Themes/Theme Editor (e.g. Horizon themes, block editor) | ||||
| Liquid templates — Underlying HTML generation | ||||
| Storefront UI (cart drawer, navigation) | ||||
| Frontend scripts (Monorail, analytics, 3rd-party widget scripts) | ||||
| Edge performance & CDN — Asset delivery and caching | ||||
| Shopify editor | ||||
| Theme customisation | ||||
| Section rendering | ||||
| Drag-and-drop blocks | ||||
| WYSIWYG editor features | ||||
| Liquid integration | ||||
| API & Mobile | ||||
| API’s (Developer-facing interfaces) GraphQL, REST, SDK’s | ||||
| Admin API | ||||
| Rest Endpoints | ||||
| Shopify’s REST Admin API allows access to core merchant resources like orders, products, customers, and transactions. | ||||
| Endpoints are versioned (e.g. 2025-04) and follow conventional REST methods (GET, POST, etc.). | ||||
| Example: The Transaction resource tracks payment processing events related to orders. | ||||
| Admin GraphQL API — Querying and managing Admin data | ||||
| page | ||||
| **article** | ||||
| **giftCard** | ||||
| **order** | ||||
| Storefront GraphQL API — Frontend data fetches | ||||
| Admin REST API — Classic Admin REST calls | ||||
| Transaction — Payment records and reconciliation | ||||
| Order, Customer, Product, etc. (if listed elsewhere, bring here) | ||||
| Customer Account GraphQL API — Customer login/profile functions | ||||
| Webhooks — Subscription/event delivery | ||||
| Payments Apps API — Payment provider integrations | ||||
| Liquid – Templating engine powering theme rendering | ||||
| Subscription APIs — recurring orders/events | ||||
| Migration APIs — bulk data import/export (CSV, migration apps) | ||||
| Shopify Functions APIs — custom logic for checkout, shipping | ||||
| Partner API | ||||
| Function API | ||||
| Mobile App / Shopify Mobile | ||||
| Shop App ? | ||||
| Storefront SDK | ||||
| Mobile Buy SDK (iOS/Android) | ||||
| Unity SDK | ||||
| JavaScript SDK | ||||
| Third party services (Marketplace and integrations) | ||||
| Shopify App Store | ||||
| Shopify Theme Store | ||||
| Built for Shopify, Polaris (design/components) — marketplace/integrations | ||||
| Shopify Fulfillment Network | ||||
| Support | ||||
| Sidekick (AI-guided admin assistant) | ||||
| Shop App (shopper app features, sync with online stores) | ||||
| Point of Sale | ||||
| POS UI & Navigation (speed, search, cart) | ||||
| Payments / Cash handling (store credit, multi-entity payouts) | ||||
| POS Extensions (Print API, device configs) | ||||
| Oxygen (Hosting infrastructure) | ||||
| Edge hosting updates — CDN, rendering engine, caching logic | ||||
| Platform Services | ||||
| Audiences | ||||
| Payments | ||||
| Markets | ||||
| Subscriptions | ||||
| Shop Pay | ||||
| Functions |
❗ Shopify Payments (3rd-party gateways, checkout flows)
❗ Checkout Extensions (discount logic, payment edge cases)
❗ Shopify Flow (automation failures = hidden systemic issues)