Shopify + Link Autonomous Checkout

Buy products from any Shopify store using Stripe Link for payment and Playwright for browser checkout.

Prerequisites

Stripe Link CLI

npm install -g @stripe/link-cli
link-cli auth login --client-name "YourAgent" --format json

User approves at the returned verification_url. Backup credentials from ~/.config/link-cli-nodejs/config.json.

Shopify Catalog API

Get credentials at dev.shopify.com/dashboard → Catalogs → Get API key. Store CLIENT_ID and CLIENT_SECRET in your env.

Playwright + Chromium

npm install playwright
npx playwright install chromium

If missing system libs (headless server), download Debian packages manually and set LD_LIBRARY_PATH. See references/chromium-deps.md.

Workflow

Step 1: Find the Product

Option A — Catalog API (search across all Shopify merchants):

# Get auth token (60min TTL)
TOKEN=$(curl -s -X POST https://api.shopify.com/auth/access_token \
  -H 'Content-Type: application/json' \
  -d '{"client_id":"'$CLIENT_ID'","client_secret":"'$CLIENT_SECRET'","grant_type":"client_credentials"}' \
  | jq -r .access_token)

# Search
curl -s -X POST https://catalog.shopify.com/api/ucp/mcp \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "jsonrpc":"2.0","method":"tools/call","id":1,
    "params":{"name":"search_catalog","arguments":{
      "meta":{"ucp-agent":{"profile":"https://shopify.dev/ucp/agent-profiles/examples/2026-04-08/valid-with-capabilities.json"}},
      "catalog":{"query":"YOUR SEARCH QUERY","filters":{"ships_to":{"country":"US"},"available":true}}
    }}
  }'

Response includes variants[].id, variants[].seller.domain, variants[].price, and variants[].checkout_url.

Option B — Direct store lookup (known store):

GET https://{store-domain}/products/{handle}.json

Returns variant IDs and prices.

Step 2: Create Link Spend Request

link-cli spend-request create \
  --payment-method-id "<PAYMENT_METHOD_ID>" \
  --amount <AMOUNT_IN_CENTS> \
  --context "<DESCRIPTION_OF_PURCHASE>" \
  --merchant-name "<STORE_NAME>" \
  --merchant-url "<STORE_URL>" \
  --request-approval \
  --format json

• Amount should cover product + tax + shipping (estimate generously)
• Context must be 100+ chars describing the purchase (user reads this when approving)
• Send the returned approval_url to the user

List payment methods: link-cli payment-methods list --format json

Step 3: User Approves

Poll for approval:

link-cli spend-request retrieve <ID> --interval 2 --max-attempts 150 --format json

Step 4: Get One-Time Card

link-cli spend-request retrieve <ID> --include card --format json

Returns: card.number, card.exp_month, card.exp_year, card.cvc, card.billing_address.

Step 5: Run Checkout

export LD_LIBRARY_PATH="<path-to-chromium-deps>"  # if needed
node scripts/shopify-checkout.mjs <store-domain> <variant-id> <card-number> <MM/YY> <cvc> \
  --email <email> --first <name> --last <name> \
  --address "<street>" --apt "<unit>" --city "<city>" --state <ST> --zip <zip> \
  --phone <phone>

See scripts/shopify-checkout.mjs for the full automation script.

Key Technical Details

Cart Permalink Bypass

Always use https://{domain}/cart/{variantId}:1 to enter checkout. This bypasses Cloudflare bot detection that blocks direct /checkout navigation.

Checkout Types

Shopify has two checkout layouts:

• Single-page: Email, address, shipping, payment all visible. Common on newer stores.
• Multi-step: Information → Shipping → Payment. Must click "Continue" between steps.

Detect by checking for button:has-text("Continue to shipping") on page load.

Address Entry

Use pressSequentially() with the full address including city to trigger Shopify's autocomplete, then click the [role="option"] suggestion. This properly validates the address. Plain fill() may not trigger validation events.

Phone Numbers

Some stores require phone. Always use pressSequentially(), never fill(). Never use fake numbers (555-xxxx) — stores validate them. Then Tab to blur the field.

Card PCI Iframes

Shopify checkout uses isolated PCI-compliant iframes for card entry:

• number-ltr → #number (card number)
• expiry-ltr → #expiry (MM/YY format)
• verification_value-ltr → #verification_value (CVC)
• name-ltr → #name (cardholder name)

Access via page.frames().find(f => f.url().includes('number-ltr')).

Modal Popups

Some stores show Shop Pay / login modals on checkout load. Dismiss with:

await page.keyboard.press('Escape');
await page.evaluate(() => {
  document.querySelectorAll('[data-type="modal"]').forEach(el => el.remove());
});

The Click IS the Purchase

Once "Pay now" is clicked, the order is placed server-side immediately. The browser redirect to /thank_you may lag or fail in headless mode. Don't treat missing confirmation page as failure — check email instead.

Error Handling

Error	Cause	Fix
Cloudflare "Just a moment..."	Bot detection	Use cart permalink, not /checkout
"Enter a phone number"	Required field or fake number	Use real phone with pressSequentially
"Issue processing payment"	Card declined or expired	Create fresh Link spend request
"Checkout system error"	Shopify infra issue or rate limit	Wait and retry
Modal intercepts clicks	Shop Pay popup	Dismiss with Escape + remove via JS
Card frames not found	Multi-step checkout, not at payment step yet	Navigate through steps first

References

• scripts/shopify-checkout.mjs — Full checkout automation script
• references/chromium-deps.md — Installing Chromium on headless servers without root
• Stripe Link for Agents — Link CLI docs
• Shopify Agentic Commerce — Catalog + Cart + Checkout MCP
• Link skill.md — Official Link CLI skill reference