I figured I’d dedicate a post to this topic since I just wrapped up a rather painful learning experience with skinning Shopify (the Ruby on Rails-based shopping cart service) with a complete Flash frontend. Judging from the lack of documentation online, I’m willing to bet I’m one of the first crazy enough to take on such a challenge, and I’d hope to save some other poor developer some time.

Shopify tools

For starters, here’s a few of the tools Shopify provides for skinning:

• Shopify’s API, which allows you to communicate with the inventory, products, collections, and cart on Shopify.com
• Vision, a toolkit for creating a Shopify theme.

Working with Vision

I  started with Vision, which is this handy application that you can run locally, modify Rails/HTML theme files, and then test in a browser. Once ready, you simply zip up the theme’s contents and upload it via your Shopify store’s browser-based admin. A nice setup, though I came across a few technicalities–

• As of this writing, Vision themes are limited a 40 MB size limit, and rightly so, since it’s a browser-based file upload. I happened to be working with a site with roughly 300 MB worth of photos, so I was forced to host the assets on a different site.
• Shopify’s admin allows you to individually edit theme files, but if you want to upload a replacement you have to first delete the existing file. This made it very time consuming, since SWF files can’t be edited in a text editor.
• Themes are broken down into three folders:
  1. assets – files associated with your theme. Think images, javascript, swf files, etc.
  2. layout – this contains the theme.liquid file, which is basically the wrapper in which all of the templates are loaded
  3. templates – this contains a variety of necessary pages for a shopping cart site, like a product page, cart page, etc.

  A few things to note here: Unfortunately, I learned that the assets folder can’t contain subfolders, which lead me to a rather messy site structure. Your Shopify site will require all of the default template files. Since I was essentially rebuilding these all in Flash, I embedded my main SWF in theme.liquid and HTML-commented the include calls in theme.liquid.

Getting ActionScript working with Shopify’s API

The key here is authentication, as described in Shopify’s API. The API spits out XML, which is easy enough to parse in ActionScript, however, since API calls look like this:

https://API_KEY:SOME_PASSWORD@some-shop.myshopify.com/admin/orders.xml

they shouldn’t be queried from within Flash directly, as this exposes the shop owner’s API Key and password. Instead, it’s safer to create a server-side script, open the XML, and then feed it to Flash.

Once I got past this, it was pretty straightforward, with one exception–I couldn’t find the cart contents in the API documentation. After doing some asking around, I discovered that the cart contents can be found at your-shop.myshopify.com/cart.js. Now, unlike the API, this list of products contained in the cart is not XML, but Javascript Object Notation (JSON). Sure, I could have taken the time to write a JSON parser for ActionScript 3, but thankfully the good people at Adobe have already written one. It’s in as3corelib, which is hosted on Google Code.

Security and crossdomain goodness

Anytime a SWF file attempts to access content from a URL other than the one it’s on it first checks for a crossdomain policy. This is basically an XML file named crossdomain.xml that is hosted on the root level of the server (You can catch the dry documentation on this here and here).

Fortunately, Shopify has crossdomain.xml files prepared, however, it’s still a bit tricky.

Since they don’t want anyone hacking their main site, there’s no policy file on *.shopify.com. Granted, your-shop.myshopify.com has a policy, but there’s no way to pull your theme files.

domain	has crossdomain.xml	hosts swf theme files
your-shop.myshopify.com	YES	NO
cdn.shopify.com (URL to theme assets as generated by Vision)	NO	YES
static.myshopify.com	YES	NO
static.shopify.com	NO	YES

In the end, I explicitly referenced all of my SWF files from static.shopify.com and relied on the crossdomain policy file on your-shop.myshopify.com, which looks like this:

<cross-domain-policy>
<allow-access-from domain="*.shopify.com"/>
<allow-access-from domain="*.myshopify.com"/>
<allow-access-from domain="www.mydomain.com"/>
</cross-domain-policy>


So that’s it in a nutshell. If you’re out there using Flash as a complete skin for Shopify, drop a comment and let me know that I wasn’t alone!

This entry was posted on Thursday, October 8th, 2009 at 11:10 am and is filed under ActionScript, Flash, flex, webdesign. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.