Add domain transformation support for split-domain architectures

Author: weslleyaraujo

.changeset/major-sites-roll.md

@@ -0,0 +1,27 @@
+---
+'@shopify/shopify-api': major
+'@shopify/shopify-app-express': minor
+---
+
+**BREAKING CHANGE**: Removed `customShopDomains` configuration parameter. Use `domainTransformations` instead, which provides both validation and transformation capabilities.
+
+The `SHOP_CUSTOM_DOMAIN` environment variable is no longer supported.
+
+**Migration Guide**:
+
+If you were using `customShopDomains` for validation only:
+
+```typescript
+// Before 
+shopifyApi({
+  customShopDomains: ['custom\.domain\.com']
+})
+
+// After 
+shopifyApi({
+  domainTransformations: [{
+    match: /^([a-zA-Z0-9][a-zA-Z0-9-_]*)\.custom\.domain\.com$/,
+    transform: '$1.custom.domain.com'
+  }]
+})
+```

packages/apps/shopify-api/docs/reference/shopifyApi.md

@@ -108,6 +108,56 @@ Fixed Storefront API access token for private apps.
 
 Use this if you need to allow values other than `myshopify.com`.
 
+### domainTransformations
+
+`DomainTransformation[]` | Defaults to `undefined`
+
+Configure domain transformations for split-domain architectures (e.g., separate admin and API domains). Useful for local development environments.
+
+Each transformation can use either template strings with capture groups (`$1`, `$2`, etc.) or custom functions for complex logic.
+
+**Template string example:**
+
+```ts
+domainTransformations: [
+  {
+    match: /^([a-zA-Z0-9][a-zA-Z0-9-_]*)\.my\.shop\.dev$/,
+    transform: '$1.dev-api.shop.dev',
+  },
+];
+```
+
+**Function-based example:**
+
+```ts
+domainTransformations: [
+  {
+    match: /^([a-zA-Z0-9-_]+)\.admin\.example\.com$/,
+    transform: (matches) => {
+      const shopName = matches[1];
+      return shopName.startsWith('test-')
+        ? `${shopName}.api-staging.example.com`
+        : `${shopName}.api.example.com`;
+    },
+  },
+];
+```
+
+**Interface:**
+
+```ts
+interface DomainTransformation {
+  // Pattern to match source domain
+  match: RegExp | string;
+
+  // Transformation: function or template string with $1, $2 capture groups
+  transform: ((matches: RegExpMatchArray) => string | null) | string;
+
+  // Whether to include transformed domains in host validation (default: true)
+  includeHost?: boolean;
+}
+```
+
 ### billing
 
 `BillingConfig` | Defaults to `undefined`
@@ -164,17 +214,17 @@ Whether to add the current timestamp to every logged message.
 
 This function returns an object containing the following properties:
 
-| Property                            | Description                                                                                                                                             |
-| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| config                              | The options used to set up the object, containing the parameters of this function.                                                                      |
-| [auth](./auth/README.md)            | Object containing functions to authenticate with Shopify APIs.                                                                                          |
-| [clients](./clients/README.md)      | Object containing clients to access Shopify APIs.                                                                                                       |
-| [session](./session/README.md)      | Object containing functions to manage Shopify sessions.                                                                                                 |
-| [webhooks](./webhooks/README.md)    | Object containing functions to configure and handle Shopify webhooks.                                                                                   |
-| [billing](./billing/README.md)      | Object containing functions to enable apps to bill merchants.                                                                                           |
-| [flow](./flow/README.md)            | Object containing functions to authenticate Flow extension requests.
-| [fulfillment service](./fulfillment-service/README.md)            | Object containing functions to authenticate and create fulfillment service requests.                                                                                |
-| [utils](./utils/README.md)          | Object containing general functions to help build apps.                                                                                                 |
-| [rest](../guides/rest-resources.md) | Object containing OO representations of the Admin REST API. See the [API reference documentation](https://shopify.dev/docs/api/admin-rest) for details. |
+| Property                                               | Description                                                                                                                                             |
+| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| config                                                 | The options used to set up the object, containing the parameters of this function.                                                                      |
+| [auth](./auth/README.md)                               | Object containing functions to authenticate with Shopify APIs.                                                                                          |
+| [clients](./clients/README.md)                         | Object containing clients to access Shopify APIs.                                                                                                       |
+| [session](./session/README.md)                         | Object containing functions to manage Shopify sessions.                                                                                                 |
+| [webhooks](./webhooks/README.md)                       | Object containing functions to configure and handle Shopify webhooks.                                                                                   |
+| [billing](./billing/README.md)                         | Object containing functions to enable apps to bill merchants.                                                                                           |
+| [flow](./flow/README.md)                               | Object containing functions to authenticate Flow extension requests.                                                                                    |
+| [fulfillment service](./fulfillment-service/README.md) | Object containing functions to authenticate and create fulfillment service requests.                                                                    |
+| [utils](./utils/README.md)                             | Object containing general functions to help build apps.                                                                                                 |
+| [rest](../guides/rest-resources.md)                    | Object containing OO representations of the Admin REST API. See the [API reference documentation](https://shopify.dev/docs/api/admin-rest) for details. |
 
 [Back to reference index](./README.md)

packages/apps/shopify-api/docs/reference/utils/sanitizeShop.md

@@ -2,7 +2,7 @@
 
 This method makes user inputs safer by ensuring that a given shop value is a properly formatted Shopify shop domain.
 
-> **Note**: if you're using custom shop domains for testing, you can use the `customShopDomains` setting to add allowed domains.
+> **Note**: if you're using custom shop domains for testing, you can use the `customShopDomains` setting to add allowed domains. For split-domain architectures (e.g., local development with separate admin and API domains), use `domainTransformations` to configure domain mappings that will be automatically applied during sanitization.
 
 ## Example
 

packages/apps/shopify-api/lib/__tests__/test-config.ts

@@ -68,7 +68,6 @@ const TEST_CONFIG = {
   apiVersion: ApiVersion.July25,
   isEmbeddedApp: false,
   isCustomStoreApp: false,
-  customShopDomains: undefined,
   billing: undefined,
   restResources: undefined,
   logger: {

packages/apps/shopify-api/lib/auth/get-embedded-app-url.ts

@@ -45,7 +45,7 @@ export function buildEmbeddedAppUrl(
   config: ConfigInterface,
 ): BuildEmbeddedAppUrl {
   return (host: string): string => {
-    sanitizeHost()(host, true);
+    sanitizeHost(config)(host, true);
     const decodedHost = decodeHost(host);
 
     return `https://${decodedHost}/apps/${config.apiKey}`;

packages/apps/shopify-api/lib/base-types.ts

@@ -3,7 +3,7 @@ import {ShopifyRestResources} from '../rest/types';
 
 import {AuthScopes} from './auth/scopes';
 import {BillingConfig} from './billing/types';
-import {ApiVersion, LogSeverity} from './types';
+import {ApiVersion, DomainTransformation, LogSeverity} from './types';
 
 /**
  * A function used by the library to log events related to Shopify.
@@ -69,9 +69,31 @@ export interface ConfigParams<
    */
   privateAppStorefrontAccessToken?: string;
   /**
-   * Override values for Shopify shop domains.
-   */
-  customShopDomains?: (RegExp | string)[];
+   * Custom domain transformations for split-domain architectures.
+   *
+   * Transformations are applied in order. The first matching transformation is used.
+   * If no transformation matches, the domain is validated as-is.
+   *
+   * @example
+   * // Simple template-based transformation
+   * domainTransformations: [{
+   *   match: /^([a-zA-Z0-9][a-zA-Z0-9-_]*)\.my\.shop\.dev$/,
+   *   transform: '$1.dev-api.shop.dev'
+   * }]
+   *
+   * @example
+   * // Function-based transformation with custom logic
+   * domainTransformations: [{
+   *   match: /^([^.]+)\.ui\.example\.com$/,
+   *   transform: (matches) => {
+   *     const shopName = matches[1];
+   *     return shopName.startsWith('test-')
+   *       ? `${shopName}.api-staging.example.com`
+   *       : `${shopName}.api.example.com`;
+   *   }
+   * }]
+   */
+  domainTransformations?: DomainTransformation[];
   /**
    * Billing configurations for the app.
    */

packages/apps/shopify-api/lib/config.ts

@@ -64,7 +64,6 @@ export function validateConfig<Params extends ConfigParams>(
     userAgentPrefix,
     logger,
     privateAppStorefrontAccessToken,
-    customShopDomains,
     billing,
     future,
     ...mandatoryParams
@@ -89,7 +88,6 @@ export function validateConfig<Params extends ConfigParams>(
     logger: {...config.logger, ...(logger || {})},
     privateAppStorefrontAccessToken:
       privateAppStorefrontAccessToken ?? config.privateAppStorefrontAccessToken,
-    customShopDomains: customShopDomains ?? config.customShopDomains,
     billing: billing ?? config.billing,
     future: future ?? config.future,
   });

packages/apps/shopify-api/lib/types.ts

@@ -125,3 +125,41 @@ export enum Method {
   Options = 'OPTIONS',
   Connect = 'CONNECT',
 }
+
+/**
+ * Configuration for transforming shop domains in split-domain architectures.
+ *
+ * @example
+ * // Template-based transformation
+ * {
+ *   match: /^([a-zA-Z0-9][a-zA-Z0-9-_]*)\.my\.shop\.dev$/,
+ *   transform: '$1.dev-api.shop.dev'
+ * }
+ *
+ * @example
+ * // Function-based transformation
+ * {
+ *   match: /^([^.]+)\.ui\.example\.com$/,
+ *   transform: (matches) => `${matches[1]}.api.example.com`
+ * }
+ */
+export interface DomainTransformation {
+  /**
+   * Pattern to match against shop domains (source domain).
+   * Can be a RegExp or string (converted to RegExp internally).
+   */
+  match: RegExp | string;
+
+  /**
+   * Transformation function or template string.
+   * - Template string: Uses $1, $2, etc. for capture group substitution
+   * - Function: Receives regex match groups and returns transformed domain
+   */
+  transform: ((matches: RegExpMatchArray) => string | null) | string;
+
+  /**
+   * Whether this transformation should also apply to host validation.
+   * @default true
+   */
+  includeHost?: boolean;
+}