A slow loading time on embedded apps can be a frustrating experience for your users, slowing down their work and causing a negative impression of your app. Even worse is when your app fails to load at all, meaning you spend your time chasing down reports and trying to identify the cause.
What causes slow loading times or failed loads on embedded apps can be how your app authenticates with Shopify. In this article, we’ll look at how app authentication on embedded apps works, and a brand-new solution for fixing this frustrating problem.
How your embedded app loads today
A merchant clicks a link to load your app and a few seconds later it’s there on the screen. What happens under the hood to make that happen?
First, Shopify creates an
iframe in the Shopify admin, and sets the URL to the URL of your app. When the browser makes the request to your app, it includes any cookies that your app has previously set. These cookies contain session information that make it possible for your app to recognize who is accessing it.
Sometimes no cookies exist, or the session contains no user information. In this case, your app redirects the user to Shopify’s OAuth service. The OAuth service validates that the user has installed your app, and then redirects the user back to your app, passing back information your app can use to recognize the user. Your app stores the user information and links it to the session cookie, so that future interactions can occur without the OAuth service’s involvement.
Now that your app knows who the user is, it can load with information specific to that user.
You might also like: API Deprecation at Shopify: 2020-10 Edition.
Why your app sometimes loads slowly
The process of redirecting to the OAuth server is slow. In order to set the session cookie, the redirect can’t happen inside the
iframe. Instead, the entire browser needs to be redirected, leaving the Shopify admin. It only redirects the user back to the Shopify admin and the embedded app page at the end of all the redirects needed for OAuth. In many cases, browser redirects can be made to appear seamless to the user. However, the number of redirects needed and the jumps back and forth between the
iframe and the top frame of the browser make this app loading behavior feel disorienting and slow to the user.
The whole flow looks like this:
iframe: App loads
- Top frame: App redirects to Shopify OAuth
- Top frame: Shopify OAuth redirects to app
- Top frame: App loads, notices it’s outside of the iframe, and redirects to the admin
- Top frame: The admin loads
iframe: App loads
Each of these steps decreases performance, and several of them together can result in poor UX. Total load times might climb as high as 10 seconds, an eternity for impatient users.
Build apps for Shopify merchants
Whether you want to build apps for the Shopify App Store, offer custom app development services, or are looking for ways to grow your user base, the Shopify Partner Program will set you up for success. Join for free and access educational resources, developer preview environments, and recurring revenue share opportunities.Sign up
Why your app sometimes doesn’t load at all
Over the past several years, browser vendors have focused on increasing user privacy. This is a good thing for users, as it gives them more control over how their data is collected. In particular, browser vendors have tried to stop the “tracking” of users across sites.
"Over the past several years, browser vendors have focused on increasing user privacy."
Neither Shopify nor its apps are the kind of “trackers” that browser vendors want to block. However, the core technology we use to power embedded apps (iframes) is the same technology many sites use for cross-site tracking. As a result, the restrictions that browser vendors have implemented (such as Safari’s Intelligent Tracking Prevention) to stop cross-site tracking have made it more difficult for Shopify apps to function.
There are ways to work around limitations like Safari’s Intelligent Tracking Prevention, but they’re difficult to implement, force undesirable UX choices, and don’t cover every use case.
You might also like: 5 Key Strategies to Improve Your App Support.
How to fix slow app loading times and third-party cookie errors
Shopify has implemented a better way to load your app. Instead of using a session cookie to store and retrieve user information, you can now use a session token. These session tokens are secure packets containing information about the user accessing your app. Just like session cookies, they allow your app to know which user is using it.
When your app loads, the front end can retrieve session tokens via App Bridge. Once your app front end has a session token, it can include it in requests to your app backend. The session token includes all the information your app needs to identify the user. This means that in most cases, your app only needs to perform an OAuth redirect for the initial install, and does not need to store the user information in a cookie. Instead, after the initial install, your app can rely on session tokens.
This mechanism is significantly more reliable and faster than the cookie-based approach. Apps that have adopted App Bridge authentication load up to four times faster and have no cookie-related loading failures. For a side-by-side comparison of how much faster embedded apps load with App Bridge authentication in the video below:
"Apps that have adopted App Bridge authentication load up to four times faster and have no cookie-related loading failures."
To learn more about how to implement the session token, follow the link below to access our dedicated tutorial.
A better experience for your users
Issues with loading speed and reliability can frustrate your users and hold your app back. The increasing restrictions browsers are placing on third-party cookies will only make this worse.
With Shopify’s new authentication solution for embedded apps, you can fix both problems at once and provide a better user experience to your app users. Crack open the tutorial and get started—your users will thank you!