The Locksmith storefront API

Locksmith includes an AJAX-friendly API, embedded in your online store. This API can be used to check the current visitor's current authorization status for the resources that you name. For example, a search app could use this API to make sure a visitor has access to each of the resources that are in a set of search results, before showing those results to the visitor.



This API has a single endpoint, available on your online store's domain:

  • GET /apps/locksmith/api/resources

When calling this path, include a series of urls[] query parameters, naming the relative URLs of the resources you want to check on.


This API returns text/html responses, containing a JSON body. The Content-Type header should be ignored (it's a quirk of how Shopify's API proxy works), and the body should be interpreted as JSON.

The JSON response is an object whose keys are the URLs provided in the request's query parameters. The values are each objects themselves, containing state information defining the current visitor's authorization for each resource. The keys in these interior objects map to standard Locksmith variables; for their definitions, see Locksmith variables.


Some JavaScript libraries, like jQuery, make it easy to supply an array of query parameters in a way that serializes well for this API.

The example below uses jQuery to check on a single, specific product. See an interactive version of this example, here.

    { urls: ['/products/short-sleeve-t-shirt'] },
    (response) => {
      const resources = JSON.parse(response);

This script results in a logged value that looks like this:

  "\/products\/short-sleeve-t-shirt": {
    "canonical_url": "\/products\/short-sleeve-t-shirt",
    "locked": true,
    "access_granted": true,
    "access_denied": false,
    "manual_lock": false,
    "hide_resource": false,
    "hide_links_to_resource": false,
    "locks": {
      "all": [12345],
      "opened": [12345]
    "keys": [67890]
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.