Shopify + Link Autonomous Checkout

Buy products from any Shopify store using Stripe Link for payment and Playwright for browser checkout.

Prerequisites

Stripe Link CLI

npm install -g @stripe/link-cli
link-cli auth login --client-name "YourAgent" --format json

User approves at the returned verification_url. Backup credentials from ~/.config/link-cli-nodejs/config.json.

Shopify Catalog API

Get credentials at dev.shopify.com/dashboard → Catalogs → Get API key.

Store CLIENT_ID and CLIENT_SECRET in your env.

Playwright + Chromium

npm install playwright
npx playwright install chromium

If missing system libs (headless server), download Debian packages manually and set LD_LIBRARY_PATH. See references/chromium-deps.md.

Workflow

Step 1: Find the Product

Option A — Catalog API (search across all Shopify merchants):

# Get auth token (60min TTL)
TOKEN=$(curl -s -X POST https://api.shopify.com/auth/access_token \
  -H 'Content-Type: application/json' \
  -d '{"client_id":"'$CLIENT_ID'","client_secret":"'$CLIENT_SECRET'","grant_type":"client_credentials"}' \
  | jq -r .access_token)

# Search
curl -s -X POST https://catalog.shopify.com/api/ucp/mcp \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "jsonrpc":"2.0","method":"tools/call","id":1,
    "params":{"name":"search_catalog","arguments":{
      "meta":{"ucp-agent":{"profile":"https://shopify.dev/ucp/agent-profiles/examples/2026-04-08/valid-with-capabilities.json"}},
      "catalog":{"query":"YOUR SEARCH QUERY","filters":{"ships_to":{"country":"US"},"available":true}}
    }}
  }'

Response includes variants[].id, variants[].seller.domain, variants[].price, and variants[].checkout_url.

Option B — Direct store lookup (known store):

GET https://{store-domain}/products/{handle}.json

Returns variant IDs and prices.

Step 2: Create Link Spend Request

link-cli spend-request create \
  --payment-method-id "<PAYMENT_METHOD_ID>" \
  --amount <AMOUNT_IN_CENTS> \
  --context "<DESCRIPTION_OF_PURCHASE>" \
  --merchant-name "<STORE_NAME>" \
  --merchant-url "<STORE_URL>" \
  --request-approval \
  --format json

• Amount should cover product + tax + shipping (estimate generously)
• Context must be 100+ chars describing the purchase (user reads this when approving)
• Send the returned approval_url to the user

List payment methods: link-cli payment-methods list --format json

Step 3: User Approves

Poll for approval:

link-cli spend-request retrieve <ID> --interval 2 --max-attempts 150 --format json

Step 4: Get One-Time Card

link-cli spend-request retrieve <ID> --include card --format json

Returns: card.number, card.exp_month, card.exp_year, card.cvc, card.billing_address.

Step 5: Run Checkout

export LD_LIBRARY_PATH="<path-to-chromium-deps>"  # if needed
node scripts/shopify-checkout.mjs <store-domain> <variant-id> <card-number> <MM/YY> <cvc> \
  --email <email> --first <name> --last <name> \
  --address "<street>" --apt "<unit>" --city "<city>" --state <ST> --zip <zip> \
  --phone <phone>

See scripts/shopify-checkout.mjs for the full automation script.

Key Technical Details

Cart Permalink Bypass

Always use https://{domain}/cart/{variantId}:1 to enter checkout. This bypasses Cloudflare bot detection that blocks direct /checkout navigation.

Checkout Types

Shopify has two checkout layouts:

• Single-page: Email, address, shipping, payment all visible. Common on newer stores.
• Multi-step: Information → Shipping → Payment. Must click "Continue" between steps.

Detect by checking for button:has-text("Continue to shipping") on page load.

Address Entry

Use pressSequentially() with the full address including city to trigger Shopify's autocomplete, then click the [role="option"] suggestion. This properly validates the address. Plain fill() may not trigger validation events.

Phone Numbers

Some stores require phone. Always use pressSequentially(), never fill(). Never use fake numbers (555-xxxx) — stores validate them. Then Tab to blur the field.

Card PCI Iframes

Shopify checkout uses isolated PCI-compliant iframes for card entry:

• number-ltr → #number (card number)
• expiry-ltr → #expiry (MM/YY format)
• verification_value-ltr → #verification_value (CVC)
• name-ltr → #name (cardholder name)

Access via page.frames().find(f => f.url().includes('number-ltr')).

Modal Popups

Some stores show Shop Pay / login modals on checkout load. Dismiss with:

await page.keyboard.press('Escape');
await page.evaluate(() => {
  document.querySelectorAll('[data-type="modal"]').forEach(el => el.remove());
});

The Click IS the Purchase

Once "Pay now" is clicked, the order is placed server-side immediately. The browser redirect to /thank_you may lag or fail in headless mode. Don't treat missing confirmation page as failure — check email instead.

Error Handling

References

• scripts/shopify-checkout.mjs — Full checkout automation script
• references/chromium-deps.md — Installing Chromium on headless servers without root
• Stripe Link for Agents — Link CLI docs
• Shopify Agentic Commerce — Catalog + Cart + Checkout MCP
• Link skill.md — Official Link CLI skill reference