Supporting Multiple Users
When you register your app in the Developer Portal, you'll have the option of enabling Multiple Users. This allows store administrators to manually authorize users to load the app. This article describes how enabling Multiple Users impacts the app's user experience in the control panel, and discusses important implications for app developers to consider before enabling the feature.
Enabling multiple users
Enabling Multiple Users in Developer Portal affects the control panel on any store that has installed your app. If you already have an app published in the Marketplace, be aware that this setting takes effect immediately. We recommend testing Multiple Users using a separate app that is in draft status.
Let store owners know you've enabled this feature. Otherwise, they won't know they can grant access to users.
If Multiple Users is enabled after your app has launched, the update will cause the app scopes to change and users will be alerted of the new permission request.
The control panel experience
Store owners will be able to adjust user permissions to grant or deny the store's other users access to your app. The next time the user logs in, they will see any apps they've received permission to access. Users can then click the app icon in the left nav to load it.
Use your draft app and your sandbox store to review this behavior.
The load request
Apps with Multiple Users enabled can expect the email and ID of the user that initiated the callback, in addition to the owner's email and ID, in the JSON object sent in the load request. If a load request is sent with information for a user you haven't seen, provision the user account and associate it with the store in your database.
Because you know the store owner or user's email and ID from the app installation sequence, your app can distinguish store owners from other users. This allows you to provide different user experiences based on the information in the load request. Here is a summary of the two types of users:
- Store owner and authorized users: Can install, uninstall, and load apps. Store owners must grant permissions so that authorized users can install or uninstall apps.
- Users: Cannot install or uninstall apps. Users are permitted only to load the apps that a store owner authorized.
The remove user request
Store owners can also remove users. This action generates a GET request to the remove user callback URL that you provided in the Developer Portal. When this occurs, your app should remove the user identified in the request from its records.
For details about remove user and load requests, see Single-click App Callbacks.
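One way to handle the load and remove user requests described above, as an added example that is not BigCommerce's own code. It assumes the payload has already been verified and decoded as described in Single-click App Callbacks; the AppUsers class, its method names, and the sub, user and owner field names are assumptions made for illustration.

```python
# Added example, not BigCommerce code. Assumes each payload was already
# signature-verified and decoded; "sub", "user" and "owner" are assumed keys.
from dataclasses import dataclass, field


@dataclass
class AppUsers:
    """In-memory stand-in for the app's user table (hypothetical)."""
    # Keyed by (store, user id) so access granted on one store never
    # carries over to another store that shares the same user.
    records: dict = field(default_factory=dict)

    def handle_load(self, payload: dict) -> dict:
        store, user, owner = payload["sub"], payload["user"], payload["owner"]
        # Derive the role from the verified payload only, never from
        # query parameters or anything else the browser can change.
        role = "owner" if user["id"] == owner["id"] else "user"
        key = (store, user["id"])
        created = key not in self.records
        # Provision unseen users; refresh email and role for known ones.
        self.records[key] = {"email": user["email"], "role": role}
        return {"created": created, **self.records[key]}

    def handle_remove_user(self, payload: dict) -> bool:
        # Drop only this store's association; repeating the call is harmless.
        key = (payload["sub"], payload["user"]["id"])
        return self.records.pop(key, None) is not None

    def can_load(self, store: str, user_id: int) -> bool:
        return (store, user_id) in self.records


# Constructed sample payloads (values are made up for this example).
OWNER = {"id": 1001, "email": "owner@example.com"}
OWNER_LOAD = {"sub": "stores/abc123", "user": OWNER, "owner": OWNER}
STAFF_LOAD = {"sub": "stores/abc123", "owner": OWNER,
              "user": {"id": 2002, "email": "staff@example.com"}}
STAFF_REMOVE = {"sub": "stores/abc123",
                "user": {"id": 2002, "email": "staff@example.com"}}

if __name__ == "__main__":
    app = AppUsers()
    print(app.handle_load(OWNER_LOAD))
    print(app.handle_load(STAFF_LOAD))
    print(app.handle_remove_user(STAFF_REMOVE), app.can_load("stores/abc123", 2002))
```

Keying records by store and user ID rather than by email keeps a removed user from regaining access through a different store's record.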
Resources
Sample apps
- Node / React / Next.js
- Python / Flask
- PHP / Silex
- Ruby / Sinatra
- Laravel / React
Tools
- Node API Client
- Python API Client
- PHP API Client
- Ruby API Client
- Ruby OmniAuth Gem
- BigDesign Developer Playground
- Figma UI Kit
Blog posts
- How to Test App Authentication Locally with ngrok
- Building a BigCommerce App Using Laravel and React
- BigDesign Tutorial