Webhooks

/[domain]/api/revalidate accepts Shopify webhooks:

  • Shopify path verifies X-Shopify-Hmac-SHA256 via validateShopifyHmac() (src/utils/webhooks/shopify.ts), maps the topic to per-entity tags (parseShopifyWebhook), and calls revalidateTag(tag, 'max'). If SHOPIFY_WEBHOOK_SECRET is unset, validation is skipped with a warning (dev only — never deploy without it).

After invalidating Next.js's data cache, the route handler also calls evictApolloClient({ shopId: shop.id }) from src/api/_apollo-pool.ts to drop the matching per-tenant Apollo InMemoryCache entries. Both branches of the handler (broad sweep and entity-tagged) perform this step — without it, the in-memory Apollo cache would diverge from Next.js's data cache. See Per-tenant Apollo client cache and Cache tags for the tag scheme.

CMS invalidation arrives from Convex: publishing in the editor runs the deployment's revalidation pipeline (packages/convex/convex/revalidate/), which delivers signed events to /api/revalidate/convex; the route verifies the CONVEX_REVALIDATE_SECRET HMAC, then calls revalidateTag for the matching cms tags.

Routing

Previous Page

Deployment

Deploy each Next.js app independently using workspace packages.