← BACK TO LEVEL SELECT

🌐 Full-Stack

Flash Upsell — Multi-Tenant Shopify App

A multi-tenant Shopify app that shows targeted in-checkout upsells, applies a real WASM-backed discount, and tracks the revenue each offer actually earns.

Overview

Flash Upsell is a Shopify app that raises average order value by showing shoppers a relevant offer at checkout — and then proving it worked. It’s a full-stack, multi-tenant SaaS embedded in the Shopify admin, built to serve unlimited merchant stores from a single deployment with hard data-isolation between them.

Architecture

flowchart LR
  A["Shopper<br/>at checkout"] --> B["Checkout UI<br/>extension"]
  B -->|"App Proxy (signed)"| C["Offer API<br/>/api/upsell/checkout"]
  C --> D{"Active rule<br/>matches?"}
  D -->|"yes"| E["Rule offer<br/>(by priority)"]
  D -->|"no"| F["Template<br/>strategy"]
  E --> G["Offer card<br/>+ discounted price"]
  F --> G
  G -->|"add to order, line tagged"| H["Shopify Function<br/>discount (WASM)"]
  H --> I["orders/create<br/>webhook"]
  I --> J["Tenant-safe DB<br/>conversion + revenue"]
  J --> K["Analytics<br/>accept rate / AOV"]

Engineering decisions

  • Multi-tenant by construction — every row is scoped to shop_id through a tenant-safe data wrapper that injects the tenant filter at the data layer, so one database serves unlimited merchants with no cross-tenant reads or writes. Isolation is a default, not a per-query checklist item.
  • Real discounts, not fake price edits — the offer’s discount is a Shopify Functions extension (JS compiled to WASM via Javy) that reads a line attribute and reduces only the upsell line, capped by a margin guardrail, and unit-tested as its own workspace.
  • Two-tier offer engine — precise product→product Rules evaluated by priority (with min/max cart-value bounds) take precedence over store-wide Templates (Related / Upgrade / Bundle), with pure, unit-tested matching logic.

Highlights

  • Closed-loop conversion tracking — an orders/create webhook matches the upsell line back to its offer and records accepted revenue, with honest analytics that distinguishes “offers shown” from “revenue not tracked yet” rather than faking zeros.
  • Platform-native + compliance-aware — embedded admin on React Router v7 + App Bridge + Polaris web components, App-Proxy-verified storefront calls, GDPR privacy webhooks, and Protected Customer Data handling for order scopes.