Skip to main content

App Bridge Overview

Embedded apps run inside the Shoplazza merchant admin as iframes. However, pages within the iframe are isolated from the outer admin, making it impossible to directly manipulate the admin's navigation, top bar, etc. Shoplazza App Bridge is the JavaScript library that bridges this isolation — after introducing it in your app's frontend, code inside the iframe can call the admin's navigation redirect (Redirect), back link (Backlink), save bar (SaveBar), and obtain the authentication token (Session Token) needed for calling Open API. This makes your app feel like a native Shoplazza admin page, so merchants never feel like they've left Shoplazza.

When does your app need App Bridge?

ScenarioRequired?
App UI is embedded in the Shoplazza merchant admin (inside an iframe)✅ Required
Need to trigger Shoplazza top navigation/Redirect from within the app✅ Required
App is a standalone site that merchants access via an external link❌ Not needed
Pure backend service without UI (only calls Open API via OAuth)❌ Not needed

Key point: Is your app displayed as an iframe in the merchant admin? If yes, App Bridge is almost certainly required.

Core capabilities map

CapabilityUsageDocumentation
Session TokenAuthentication for embedded apps — frontend obtains JWT, backend verifies it, securely calls Open APISession Token
BacklinkAdds a "back to previous level" link in the Shoplazza top navigationBacklink
SaveBar (Contextual Save Bar)Form dirty checking + unified "Save/Discard" action bar at the topSaveBar
RedirectControls merchant admin main navigation jumps (preserves iframe context)Redirect

Relationship with Session Token

Browser (iframe) Your App Backend

│ ① getSessionToken(clientID)
│ (Shoplazza issues JWT, valid for 1 minute)

│ ② fetch('/api/...', { Authorization: 'Bearer <jwt>' })
│ ───────────────────────────────►
│ ③ Verify JWT
│ ④ Use persistent access_token to call Open API
│ ⑤ Return business data
│ ◄───────────────────────────────

Session Token lifespan is fixed at 1 minute — fetch a new one for every request, never cache it.

Installation

App Bridge is published as the npm package shoplazza-app-bridge. Install it in your embedded app's frontend project:

npm install shoplazza-app-bridge --save

Initialize it in your app's entry file (recommended to execute once before the page mounts):

import { app } from 'shoplazza-app-bridge';

app.init();

app.init() sends an APP::ENABLED message to the host (Shoplazza merchant admin) to establish communication and starts listening for events sent back by the admin. After initialization, you can use all available capabilities — see the individual documentation pages linked in the "Core capabilities map" above for detailed usage.

Consistency with Shoplazza Admin UI

By using App Bridge:

  • Your app looks like a "native page" of the Shoplazza admin, providing a consistent mental model for merchants
  • Browser history, URL navigation, and save prompts follow the patterns merchants are familiar with
  • Multi-language and dark mode (if supported by Shoplazza) automatically follow the host
Embedded (App Bridge)External-link app (no App Bridge)
Merchant entryClicked from the left navigation in Shoplazza adminLeaves Shoplazza to an independent site
Visual consistencyConsistent with Admin UIIndependent design
AuthenticationSession Token + persistent access_tokenaccess_token only
Recommended scenarioApps frequently used within the Shoplazza workflowTools used occasionally or requiring a standalone UX