Skip to main content
Your dashboard UI can be hosted almost anywhere. The important choice is where your secure proxy runs. 
Theme/customer-account UI
  -> calls
Backend proxy (auth + CC + Shopify operations)
  -> calls
CreatorCommerce + Shopify APIs
This keeps API keys and write permissions off the client.

Hosting Options

UI Layer

  • Shopify theme + customer account templates
  • Embedded app UI/extensions
  • External React/Next frontend

Proxy/API Layer

  • Serverless functions (Vercel/AWS/Cloudflare)
  • Container app (Render/Railway/Fly/DO App Platform)
  • Existing backend service in your stack

File Upload Layer (Optional)

  • Direct upload to your own storage/CDN
  • Upload worker service, then save returned media URL in CC enhancement/custom fields

Endpoint Design (Proxy)

Example backend routes:
  • GET /api/dashboard/collab?email=...
  • POST /api/dashboard/update-collab
  • POST /api/dashboard/update-drop
  • POST /api/dashboard/create-drop
  • POST /api/dashboard/update-product-enhancement
  • PATCH /api/dashboard/update-affiliate
Keep the frontend unaware of upstream credential details.

Practical Notes

  • Use one canonical base URL per environment (dev, staging, prod)
  • Add request timeouts and structured errors on all routes
  • Log route, collabId/dropId, and status for operational debugging
  • Prefer idempotent update flows when possible

Security Baseline

  • Do not call privileged CC endpoints directly from browser JS
  • Do not expose CC tokens/API keys in Liquid or frontend bundles
  • Validate customer identity and collab ownership on every write
  • Apply rate limiting + basic abuse protections to mutation endpoints