Skip to content

    Shopify Merchants: Gain Back Some Independence

    Working with Shopify

    All-in-one platforms are like hotel minibars—convenient, expensive, and limited. 

    For many early-stage merchants, a full-service payment service provider (PSP) is precisely what’s needed to make e-commerce a reality. Shopify, with its built-in PSP, Shopify Payments, is one example of simplicity and convenience being paired to grow an e-commerce site.

    As the e-commerce activity scales and billing needs evolve, the trade-offs to a full-service PSP start to show:

    • Failed payments can’t be retried with another PSP. 
    • Transaction fees are locked in.
    • PSP outages and maintenance become more costly.
    • Customer card data isn’t portable. 

    These limitations affect how much revenue is recovered, and realized.

    Overcoming these challenges doesn’t require migrating away from Shopify or the original full-service PSP. Rather, they are signposts to the need to implement a payment vault and take back some independence from your PSP. Securely capturing and storing payment data independently from a PSP enables the merchant to keep the checkout experience consistent, access the data without taking on resource-heavy security responsibilities, and ensure every transaction can be presented for processing. 

    Now, the merchant can retry a failed transaction, renew expired credentials programmatically, and create redundancy in case the full-service PSP has downtime. 

    Merchants using Shopify-hosted payment SDKs, or other custom gateways, have a path forward with Basis Theory.

    Can Basis Theory vault payment data from Shopify? 

    Absolutely, as long as you have access to Shopify’s hosted payment SDK or a compatible custom gateway. 

    With Shopify, as with most full-service PSPs, payment data vaulting happens behind the scenes, executed by the PSP on behalf of the merchant. Vaulting feels automatic by design and is all part of the convenience of that full-service experience. However, because the merchant does not control this data, retrying payments outside of Shopify is impossible: updating a card or routing a transaction to another PSP can’t happen. 

    Using an independent payment vault, like Basis Theory, allows the merchant to capture and store the payment data before it’s handed off to Shopify’s processor. There’s no disruption to the checkout experience, nor is there any need to rip out an existing PSP. 

    Return to Top

    How Basis Theory works with Shopify 

    The video below provides a technical demo of the Basis Theory payment vault acting in concert with the Shopify Payment App program. After extensive research and development—including custom code and key rotation support—our team published a Node.js package for Shopify payload decryption in their open-source repository. 

    The video acts as a technical case study on adapting to evolving documentation while still implementing secure payment data flows. Our team was excited to contribute open-source tools for the Shopify ecosystem!


    “After many hours in Stack Overflow and countless prompts in ChatGPT and Bard, the POC code finally worked. I was successfully verifying the encrypted code payload and obtaining the plaintext card number, expiration, and cvc. So I did some code polishing, added key rotation support, and published a Shopify JS package under the company's open source repositories. We may end up consolidating all encryption utilities in a single repository in the future, but for now, our customers and the community can make use of this maintained package in their Node.js environments.” - Davi Aquino, Sales Engineer

    Return to Top

    When should a merchant get started? 

    It’s not an exaggeration to say this should have started yesterday.

    The need for flexibility in payments usually reveals itself after a pain point surfaces—failed payments that can’t be retried, a PSP outage that can’t be routed around, a processing fee bill that far exceeds expectations. Don’t wait for that moment; prepare for it. 

    If you’re considering an additional payment method or PSP—or building sophisticated billing, retry, or orchestration logic—an independent payment vault is the foundational element to unlock these opportunities. Outgrowing a full-service PSP is a sign of growth! 

    Follow this interactive checklist to learn best practices for implementing an independent payment vault. 

    Return to Top

    Stay Connected

    Receive the latest updates straight to your inbox