Why does my Resource Picker break randomly in Safari?

Safari's iframe restrictions are a pain. The picker fails if you don't initialize App Bridge properly or if there's any timing issue with the `shopify` global object. [Check this GitHub issue](https://github.com/Shopify/shopify-app-bridge/issues/351) - dozens of developers hit the same problem with variant arrays coming back empty. **Fix**: Always check if `window.shopify` exists before calling resourcePicker, and make sure your app.toml has the right permissions configured.

My app works in development but fails in production with "ECONNREFUSED" - what the hell?

You forgot the magic app.toml setting. It's buried in the docs and fails silently with zero helpful error messages. Add this to your shopify.app.toml: ```toml [app_access] admin = { direct_api = true } ```

Why does my modal disappear when users scroll on mobile?

Mobile Safari treats modal scroll events differently. The [ui-modal component](https://shopify.dev/docs/api/app-bridge/using-modals-in-your-app) has this bug where scrolling inside the modal sometimes closes it. **Workaround**: Use the [src modal approach](https://shopify.dev/docs/api/app-bridge/using-modals-in-your-app) instead - render your content in a separate route and point the modal there.

Session tokens randomly stop working and my app just dies

Multiple tabs break everything. User logs out in one tab, all tabs die. No fix exists. User refreshes or suffers. Welcome to 2025 web development.

Can I use App Bridge with Vue/Angular/vanilla JS or just React?

App Bridge works with [any JavaScript framework](https://shopify.dev/docs/api/app-bridge-library). The core library is framework-agnostic. React components in [`@shopify/app-bridge-react`](https://www.npmjs.com/package/@shopify/app-bridge-react) are just wrappers around the main APIs.

Why do my GraphQL queries return 200 status but no data?

GraphQL returns 200 even for errors - you need to check the `errors` field in the response: ```javascript const data = await res.json(); if (data.errors) { console.error('GraphQL errors:', data.errors); // Don't ignore these or you'll debug for hours } ```

What version should I use without breaking everything?

Use whatever's latest unless you hit bugs. Don't go below v3.2 - older versions are broken. The CDN version auto-updates and sometimes breaks your app. Pin your versions in production.

Does this thing actually work on mobile and POS?

Mostly. [Cross-platform compatibility](https://shopify.dev/docs/apps/getting-started) exists but with gotchas: - iOS: File uploads broken in modals - Android: Toast notifications randomly don't show - POS: Resource picker limited to products only

How do I debug when nothing works?

Open browser console and check the global `shopify` object: ```javascript console.log(window.shopify); // Is App Bridge loaded? console.log(shopify.idToken()); // Authentication working? console.log(shopify.modal.data); // Modal state debugging ``` [GitHub issues tracker](https://github.com/Shopify/shopify-app-bridge/issues) has most problems documented. Search before banging your head against the wall.

Is this mandatory for App Store approval?

Pretty much. [App Bridge is required](https://softcery.com/lab/shopify-app-bridge-what-it-is-and-why-do-you-need-it-2/) for embedded apps to pass App Store review. You can technically build without it, but Shopify will reject your app.

Why doesn't my Toast notification show up?

Polaris updates break Toast randomly. Pin your versions or prepare for surprises. The changelog lies about breaking changes anyway.

Can I access all the Shopify APIs through App Bridge?

Most [Admin GraphQL APIs](https://shopify.dev/docs/api/admin-graphql) work with direct API access enabled. Some sensitive operations (billing, app installations) still need server-side implementation for security. The [API reference](https://shopify.dev/docs/api/app-bridge-library) shows what's available, but expect some trial and error.

Why does my app randomly redirect to the install URL in production?

Session token bullshit. They expire, can't refresh, and your app dies. Usually a CORS issue or some iframe security thing. Check your headers, pray to the demo gods, and prepare for 3am debugging sessions.

How do I handle App Bridge in development vs production?

Development uses `https://your-app.com` while production needs the actual embedded URL. Set up environment variables for the App Bridge host and make sure your development server runs on HTTPS - Safari breaks without it.

Why does the Toast component break after Polaris updates?

Because Shopify changes shit randomly. Pin your versions, test updates, and expect surprises anyway. The direct App Bridge Toast API is more stable than whatever wrapper Polaris provides this week.

Can I use App Bridge APIs outside of embedded apps?

No. App Bridge requires the `shopify` global object that's only available when your app runs inside Shopify's iframe. For external apps, use the [Admin API directly](https://shopify.dev/docs/api/admin-rest) with proper OAuth flow.

What's the deal with "shopify:" URLs in fetch calls?

Those are [virtual URLs](https://shopify.dev/docs/api/app-bridge-library#direct-api-access) that App Bridge intercepts and transforms into authenticated API calls. They only work inside embedded apps with direct API access enabled. Regular URLs work normally.

Why does everything break when I update dependencies?

Welcome to JavaScript dependency hell. App Bridge, Polaris, React, and whatever else you're using all have different update cycles. One update breaks three other things. Pin everything in production, update one piece at a time in dev, and keep a bottle of whiskey handy.

Currently viewing the AI version

Switch to human version

Shopify App Bridge: AI-Optimized Technical Reference

Overview

Shopify App Bridge is the official JavaScript SDK for embedded apps that solves iframe communication, authentication, and UI consistency problems. Without it, developers face weeks of custom postMessage handlers, OAuth authentication hell, and UI that doesn't match Shopify's admin interface.

Critical Prerequisites

Required Configuration

app.toml setting: [app_access] admin = { direct_api = true } - Missing this causes silent API failures
HTTPS in development: Safari breaks without it
Version constraints: Don't use below v3.2 (completely broken)

Breaking Points

1000+ spans: UI becomes unusable for debugging large distributed transactions
Multiple tabs: User logout in one tab kills all tabs
Safari iframe restrictions: Resource picker randomly fails without proper App Bridge initialization

Authentication System

Session Tokens vs OAuth

Aspect	Session Tokens	OAuth
Safari compatibility	✅ Works	❌ Cookie restrictions
Mobile support	✅ Automatic	❌ Manual implementation
Token refresh	❌ Fails silently	✅ Predictable
Multi-tab support	❌ Breaks randomly	✅ Stable
Implementation time	30 minutes	2-4 weeks

Critical Failure Modes

Token expiration: No reliable refresh mechanism - app stops working until page refresh
Cross-tab interference: One logout breaks all instances
Silent failures: No error messages when authentication fails

Resource Picker Implementation

Working Configuration

// Always check availability first
if (window.shopify && shopify.resourcePicker) {
  try {
    const products = await shopify.resourcePicker({
      type: 'product',
      action: 'select',
      multiple: true
    });
  } catch (error) {
    // Fallback required - Safari breaks randomly
  }
}

Known Issues

Variant selection bug: Edit product selection and variants disappear (no fix available)
Safari compatibility: Breaks randomly without proper initialization
Mobile limitations: File uploads broken in modals on iOS

Direct API Access

Critical Implementation Pattern

const res = await fetch('shopify:admin/api/2024-07/graphql.json', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ query, variables })
});

const data = await res.json();

// CRITICAL: Always check for errors or debug for hours
if (data.errors) {
  console.error('GraphQL errors:', data.errors);
  return; // Handle properly
}

// Check for empty responses (wrong API version)
if (!data.data) {
  console.error('Empty response - check app.toml direct_api config');
}

Silent Failure Scenarios

Missing direct_api = true in app.toml
Wrong GraphQL API version
CORS issues in production

Modal System Reliability

Platform-Specific Issues

Platform	Issue	Workaround
iOS Safari	File uploads broken	Use src modal approach
Android	Toast notifications vanish	Use direct App Bridge Toast API
Mobile Safari	Modals close on scroll	Implement src modal rendering

Recommended Pattern

// More reliable than inline content
const modal = shopify.modal.show({
  title: 'Product Details',
  src: '/modal-content-route' // Separate route recommended
});

Cross-Platform Compatibility Matrix

Feature	Desktop	iOS	Android	POS
Resource Picker	✅ Full	⚠️ Variants broken	✅ Full	⚠️ Products only
Modals	✅ Full	❌ File upload	⚠️ Random close	✅ Full
Toast	✅ Full	✅ Full	❌ Random vanish	✅ Full
Authentication	✅ Full	⚠️ Multi-tab issues	✅ Full	✅ Full

Version Management Strategy

Production Requirements

Pin all versions: Auto-updates break production randomly
Test in isolation: Update one dependency at a time
Monitor changelogs: Breaking changes often undocumented

Recommended Versions

Minimum viable: v3.2+ (anything lower is broken)
CDN vs NPM: CDN auto-updates (risky), NPM pinned (stable)
React integration: Use @shopify/app-bridge-react for React apps

Debugging Workflow

Browser Console Diagnostics

// Check App Bridge availability
console.log(window.shopify);

// Authentication state
console.log(shopify.idToken());

// Modal debugging
console.log(shopify.modal.data);

Common Failure Signatures

Silent API failures: Check app.toml configuration
Empty GraphQL responses: Verify API version and permissions
Resource picker breaks: Safari iframe restrictions
Modal disappears: Mobile scroll event conflicts

Resource Requirements

Development Timeline

With App Bridge: 30 minutes to working prototype
Custom implementation: 2-4 weeks for basic functionality
Maintenance overhead: Shopify's responsibility vs permanent development burden

Expertise Requirements

Basic implementation: JavaScript fundamentals
Production deployment: Understanding of iframe security, CORS, authentication flows
Debugging expertise: Browser dev tools, GraphQL error handling, platform-specific quirks

Critical Warnings

Production Gotchas

app.toml configuration: Missing direct_api = true causes silent failures
Multiple tabs: Authentication state shared across tabs - one logout kills all
Safari compatibility: Requires HTTPS in development, proper initialization order
Version pinning: Auto-updates break production randomly
GraphQL errors: Return 200 status but fail silently - always check errors field

Performance Impact

Web Vitals integration: Adds network overhead in development
Bundle size: Significant JavaScript footprint
API rate limits: Direct API access counts against shop limits

Decision Matrix: App Bridge vs Custom Implementation

Requirement	App Bridge	Custom
Time to market	✅ 30 minutes	❌ 2-4 weeks
Maintenance burden	✅ Shopify maintains	❌ Permanent overhead
Safari compatibility	✅ Handled	❌ Manual implementation
Mobile support	✅ Built-in	❌ Platform-specific code
Breaking changes	⚠️ Shopify controls	✅ You control
Customization	❌ Limited options	✅ Full control

Essential Resources

Critical Documentation

App Bridge Library Documentation: Primary reference
GitHub Issues Tracker: Real-world problems and workarounds
App Configuration Guide: app.toml documentation

Development Tools

Shopify App Template (Remix): Pre-configured starting point
@shopify/app-bridge-react: React wrapper components
@shopify/app-bridge-types: TypeScript definitions

Community Support

Shopify API & SDK Forum: Developer community
Shopify Partners Slack: Real-time developer discussions

Implementation Checklist

Pre-Development

Add direct_api = true to app.toml
Set up HTTPS for development
Pin App Bridge version in production
Choose CDN vs NPM based on update strategy

Development Phase

Always check window.shopify availability before API calls
Implement GraphQL error checking in all API calls
Test resource picker in Safari specifically
Plan fallbacks for modal failures on mobile

Production Deployment

Test multi-tab authentication scenarios
Verify app.toml configuration in production environment
Monitor for silent API failures
Implement proper error handling for platform-specific quirks

Useful Links for Further Investigation

Resources That Actually Matter (And Some That Don't)

Link	Description
App Bridge Library Documentation	Surprisingly decent official docs. Start here - covers the basics without too much bullshit.
App Bridge GitHub Repository	Where the real solutions live. The issues section has all the gotchas they don't document properly.
App Bridge API Reference	Complete API docs. Actually readable, which is rare for Shopify documentation.
React Components Documentation	If you're doing React, this is required reading. Examples work most of the time.
@shopify/app-bridge-react	Essential if you're using React. Saves you from writing wrapper components.
@shopify/app-bridge-types	TypeScript definitions. Install these or spend hours figuring out type errors.
Shopify API & SDK Forum	Community forum where actual developers post real problems. Quality varies wildly.
Shopify CLI and Tools Forum	More specialized forum. Useful for deployment issues and CLI problems.
Essential Shopify App Development Resources	Marketing blog post that's actually helpful. Links to other useful stuff.
Shopify CLI	Required for development. Works better than it used to. Still breaks randomly.
Shopify App Template (Remix)	Start here for new apps. App Bridge pre-configured and actually works out of the box.
Polaris Design System	UI components that integrate with App Bridge. Use these or your app will look like ass.
Getting Started with Shopify App Bridge (Video)	Decent tutorial that shows actual implementation. 11 minutes of your life well spent.
How to Build a Shopify App Guide	Complete guide that covers App Bridge in context. Actually covers the full development process.
Cookieless Authentication Guide	Critical reading if you want to understand why session tokens exist and why they still break.
Shopify's Platform Architecture	Engineering blog explaining why App Bridge exists. Good background context.
App Configuration Guide	Where they hide the app.toml documentation. This will save you hours of silent failures.
GraphQL API Documentation	What you're actually calling through App Bridge. Reference material for when things break.
GitHub Issues Tracker	Where you'll find the real bugs and workarounds. Search here before opening Stack Overflow.
Developer Changelog	Lists breaking changes that will randomly break your app. Check this when updates kill everything.
Shopify Partners Slack	Community Slack where developers complain about broken shit. Sometimes useful solutions buried in the noise.

Shopify App Bridge: AI-Optimized Technical Reference

Overview

Critical Prerequisites

Required Configuration

Breaking Points

Authentication System

Session Tokens vs OAuth

Critical Failure Modes

Resource Picker Implementation

Working Configuration

Known Issues

Direct API Access

Critical Implementation Pattern

Silent Failure Scenarios

Modal System Reliability

Platform-Specific Issues

Recommended Pattern

Cross-Platform Compatibility Matrix

Version Management Strategy

Production Requirements

Recommended Versions

Debugging Workflow

Browser Console Diagnostics

Common Failure Signatures

Resource Requirements

Development Timeline

Expertise Requirements

Critical Warnings

Production Gotchas

Performance Impact

Decision Matrix: App Bridge vs Custom Implementation

Essential Resources

Critical Documentation

Development Tools

Community Support

Implementation Checklist

Pre-Development

Development Phase

Production Deployment

Useful Links for Further Investigation

Resources That Actually Matter (And Some That Don't)

Related Tools & Recommendations

Claude API Code Execution Integration - Advanced Tools Guide

Should You Use TypeScript? Here's What It Actually Costs

Shopify Polaris - Stop Building the Same Components Over and Over

Fast React Alternatives That Don't Suck

Stripe Terminal React Native Production Integration Guide

Converting Angular to React: What Actually Happens When You Migrate

TypeScript - JavaScript That Catches Your Bugs

JavaScript to TypeScript Migration - Practical Troubleshooting Guide

Stop Stripe from Destroying Your Serverless Performance

Supabase + Next.js + Stripe: How to Actually Make This Work

Claude API + Next.js App Router: What Actually Works in Production

Migrating CRA Tests from Jest to Vitest

Remix - HTML Forms That Don't Suck

React Router v7 Production Disasters I've Fixed So You Don't Have To

Which JavaScript Runtime Won't Make You Hate Your Life

Build Trading Bots That Actually Work - IB API Integration That Won't Ruin Your Weekend

AI Systems Generate Working CVE Exploits in 10-15 Minutes - August 22, 2025

I Ditched Vercel After a $347 Reddit Bill Destroyed My Weekend

TensorFlow - End-to-End Machine Learning Platform

Express.js Middleware Patterns - Stop Breaking Things in Production