AxioRankDocs
Integrations

Shopify

Verify the AI agents that browse and buy on your Shopify store with the AxioRank Agent Verification app. A thin client of the inbound verify endpoint, with monitor and enforce modes and order-level enforcement.

Most AxioRank integrations govern the calls your agents make outbound. The Shopify app is on the inbound side: it verifies the AI agents reaching a website surface you operate, your storefront and checkout. It is a thin client of the verify endpoint, so each checked action is forwarded as one authenticated POST to /api/gateway/verify-request and the verdict drives what happens to the action or the order. There is no theme code to write and no local model.

Honest about what a Shopify app can enforce

A Shopify App Store app cannot run in the storefront request path the way a server plugin can. Storefront checks are observe and soft-challenge. The real, enforceable block is on the order, after payment: a flagged order is cancelled or held. There is no checkout-time inline block, because Shopify does not let an App Store app call an external API from a checkout function.

Install

  1. Register a website surface in AxioRank under Inbound, Surfaces (or with POST /api/surfaces) for your *.myshopify.com domain and copy its site key (axr_site_...), distinct from your agent key.
  2. Install AxioRank Agent Verification from the Shopify App Store.
  3. In the embedded admin, paste the site key, or paste an AxioRank workspace API key to have the app mint the surface for the shop.
  4. Turn on the AxioRank verification app embed in the theme editor.
  5. Leave the mode on Monitor and save.

What gets verified

The app only checks the traffic worth checking, so ordinary human browsing never calls out:

  • Any request carrying Web Bot Auth signature material (always verified).
  • An enabled storefront action: checkout, add to cart, login and account, or search. Each is a toggle in the admin.
  • Any request with a bot-like user-agent.
  • Every order, from the orders/create webhook, using the creator's user-agent, IP, and source.

Each check is scored and logged in your AxioRank dashboard with the agent identity, verification method, and risk, exactly like any other inbound surface.

Monitor first, then enforce

A surface starts in monitor posture: AxioRank computes and logs the verdict, but nothing is acted on. Watch the audit log and the admin Activity panel to see what would be flagged, then set both the AxioRank surface and the app to enforce. The app acts only when the response's own enforced flag is true, so the surface posture stays authoritative:

  • Storefront: the app embed can show a notice or stop a submit on a server block. This is best-effort, since an automated agent can ignore JavaScript.
  • Orders: a flagged order is tagged, held, or cancelled, per the order action you choose. Cancelling releases the payment authorization.

Fail-open by design

Verification sits next to your checkout, so it fails open. Only a rejected site key raises a notice; any timeout or transport failure resolves to an allow, so a verification outage never blocks a sale.

Next steps

  • Inbound surfaces: the model behind the website surface.
  • Policies: scope inbound decisions by operation and agent.
  • Gateway API: the raw verify-request contract the app speaks.

WordPress

Verify the AI agents that reach your WordPress REST API, admin, and dynamic endpoints with the AxioRank Agent Verification plugin. A thin client of the inbound verify endpoint, with monitor and enforce modes.

Datadog

Stream the AxioRank governed audit log into Datadog and install the AxioRank tile for a prebuilt log pipeline, two dashboards, and four monitors. Watch agent governance next to the rest of your stack.

On this page

InstallWhat gets verifiedMonitor first, then enforceNext steps