The full setup, from OAuth to a working storefront button, in six steps. Read-only on your store, GDPR-safe, ESPR-aligned. Six minutes total if you don’t pause to admire how clean the import flow is.
From /admin/import in your Product Passes workspace, enter your shop domain (your-store.myshopify.com) and click Connect. You'll be sent to Shopify's consent screen — review the five read-only scopes (no write access, no customer data), then click Install. You'll land back on /admin/import with a connected card and your initial import already in flight.
Every Shopify product becomes a Pending passport draft. Pending = imported but not yet published. Drafts don't consume your plan's activation cap, so you can import a 500-product catalogue on Studio without paying for Foundry first. Use the Preview before commit link on the connected card to see how 3 products will map before kicking off a full resync.
Shopify doesn't natively have materials, care, repair, end-of-life, or certification fields. Two options: (a) install the Productpasses metafield set — one click from the connected card — and fill them directly in your Shopify product admin, where they sync in on every webhook; or (b) edit them in Product Passes and they'll be locked against future Shopify changes.
When you're ready to publish, click Activate all on the connected card. Cap-aware: anything over your plan limit is skipped with a clear reason, no surprises. Activated passports get a public URL at productpasses.com/p/{handle} immediately.
Open your Shopify admin → Online Store → Themes → Customize → any product page. Add the Digital Product Passport block from the Product Passes group. The block auto-renders a 'View Digital Product Passport' button using the URL we write to product.metafields.productpasses.passport_url on activate. Running multiple themes (live + preview + seasonal)? You'll need to add the block in each — Shopify scopes theme customisations per theme.
For products sold in physical retail, ESPR requires a scannable code on the product itself. From any passport in /admin/products, click the QR icon to download a print-ready QR resolving to that passport's URL. See the QR placement guide for surface-by-surface recommendations.
Passports stay — they're your compliance records, not Shopify's. The connection is marked inactive, the encrypted access token is deleted from our vault, and live sync stops. If you reinstall the same shop later, every Shopify product re-links to its existing passport automatically (no duplicates).
Only one thing: the public passport URL as a productpasses.passport_url metafield, written when you activate a passport. This is what the theme block reads. We never modify product titles, descriptions, photos, prices, inventory, orders, or customer data.
Product Passes wins. The first time you edit a Shopify-sourced field locally, it locks against incoming Shopify changes — you'll see a small 'edited locally · pull from Shopify' pill. Click the pill to unlock and re-pull, or leave it locked.
Most merchants treat Shopify drafts as work-in-progress. By default we exclude them from import — only active products land. Use the 'Include drafts' checkbox on Resync if you want them in. Drafts you create later in Shopify also won't auto-flow until they're marked active.
Negligibly. The theme block is a single button rendered from a Liquid variable; no JavaScript, no external fetch on storefront load. The passport URL is already in the product metafield, so rendering it is free.
We respond 200 to all three Shopify GDPR webhooks (customers/data_request, customers/redact, shop/redact) within seconds. customers/* are empty responses because we never access customer data. shop/redact hard-deletes your connection + vault secret.
Email jussi@digikamu.fi with your shop domain and a screenshot. Usually we’re back within a few hours during EU business hours.