App Install
The CDP app ships a standalone, self-serve Shopify OAuth install flow. These routes are part of the merchant install experience, not the API-consumer surface — you do not call them from your integration, so they are documented here only for completeness and are excluded from the API reference and the route drift gate’s endpoint set.
| Route | Purpose |
|---|---|
GET /cdp/install | Begin install: validate ?shop, sign state, and redirect (302) to Shopify’s OAuth authorize URL with the CDP app’s trimmed scopes and client id. |
GET /cdp/install/callback | Install callback: validate the Shopify HMAC and signed state, exchange the code for an offline token, and persist an encrypted brand_integrations row (idempotent on reinstall), creating a minimal brand for a net-new shop. |
This is a self-serve install for any Shopify store — there is no LiveRecover signup funnel. Install-time enrollment wires the storefront Web Pixel to post to the credential-free ingest proxy and adds the shop to the ingest allowlist.
After install, a brand obtains an API key via the Quickstart flow (self-serve in web-client settings, or staff-issued) and uses the API reference endpoints.