Payment mandates now expose an id field

Shopify taught AI to spot duplicate products. Here’s why retailers are scrambling.

Shopify ra mắt Catalog, hệ thống sử dụng LLMs để gom nhóm sản phẩm trùng lặp dưới một mã định danh sản phẩm chung, giúp các AI shopping agent nhận diện mặt hàng giống nhau. Hệ thống này xác định "giá trị cốt lõi" của sản phẩm để nhóm đúng biến thể, đồng thời Shopify cùng Google giới thiệu giao thức UCP, tiêu chuẩn mở cho tương tác AI với thương nhân, được ủng hộ bởi nhiều nhà bán lẻ lớn.

Lập trình viên nên đọc bài này để hiểu cách AI hiện đại hóa quản lý sản phẩm thương mại điện tử bằng cách xử lý dữ liệu sản phẩm phức tạp, từ đó tìm hiểu về kiến trúc hệ thống mới như Universal Product Identifier và cách tích hợp AI vào các nền tảng thương mại để tối ưu hóa trải nghiệm mua sắm và tự động hóa kinh doanh.

When software developers and AI agents share the learning

Shopify's River AI agent works exclusively in public Slack channels, turning every agent session into a visible, searchable transcript that feeds back into the agent's skills and defaults. This 'Lehrwerkstatt' (teaching workshop) model contrasts with the typical enterprise pattern where developers use private AI tools whose discoveries die when the session closes. The post argues that the real promise of agentic coding isn't individual productivity gains but organizational learning — making agent work inspectable, reusable, and improvable. It also examines agents.md as a mechanism for encoding non-inferable enterprise context, citing ETH Zurich research showing LLM-generated context files often hurt performance while human-written ones focused on unique domain knowledge help. The key takeaway: agent work should happen in public so the whole organization compounds on shared insights.

Trustpilot is embedding its reviews inside Shopify stores as AI search reshapes online shopping

Trustpilot has partnered with Shopify to let merchants embed and manage Trustpilot reviews natively inside their online stores, with the integration launching June 29. The deal is driven by a 1,490% surge in click-throughs from AI-powered search engines during Trustpilot's FY25. As AI assistants increasingly handle product discovery and purchases, verified human reviews are becoming critical data for AI recommendations. Trustpilot removed over four million fake reviews last year using ML detection tools. The company posted its first full-year operating profit of $16M on $211M revenue, with shares up 46% year-to-date on AI-search momentum.

Order-Tracking App Shop Abused to Push Callback Phishing Attacks

Threat actors are abusing Shopify's Shop order-tracking app by injecting fake purchase receipts from brands like Norton, McAfee, Apple, and PayPal into users' order histories. The fraudulent receipts include a phone number victims are urged to call to dispute the charge — a callback phishing technique. Callers are then socially engineered into revealing credentials, payment details, or one-time passcodes, and sometimes tricked into installing remote access software. Shopify has deployed new controls to reduce the activity. The attack is notable because it exploits user trust in a legitimate app rather than email, and can escalate from consumer fraud to enterprise endpoint compromise if employees are targeted on work devices.

Carrier services will no longer be automatically added to the default shipping profile

Starting with Shopify's GraphQL Admin API version 2026-10, creating a carrier service will no longer automatically add it to the shop's General shipping profile. Previously, active API carrier services were auto-added to eligible shipping zones. Now, developers must explicitly configure rates either by directing merchants to manually add carrier-calculated rates in the Shopify admin, or by programmatically adding them via the shipping profile APIs. Apps relying on the old automatic behavior must update their integrations or merchants won't see rates at checkout. Older supported API versions retain the existing behavior until sunset.

DraftOrderDiscountNotAppliedWarning.priceRule removed in GraphQL Admin API 2026-10

Trong phiên bản GraphQL Admin API 2026-10, Shopify đã loại bỏ trường priceRule đã lỗi thời khỏi đối tượng DraftOrderDiscountNotAppliedWarning. Các ứng dụng cần chuyển sang sử dụng discountTitle và discountCode thay thế trước khi nâng cấp.

Lập trình viên cần đọc để tránh bị lỗi khi ứng dụng của họ vẫn sử dụng priceRule trong GraphQL Admin API mới nhất, vì phiên bản 2026-10 đã loại bỏ trường này và yêu cầu chuyển sang discountTitle và discountCode để tránh lỗi khi nâng cấp.

Order-tracking app Shop abused to push callback phishing attacks

Threat actors are abusing Shopify's Shop order-tracking app by inserting fake purchase receipts into users' order histories. These fraudulent invoices impersonate brands like Norton, McAfee, Apple, and PayPal, and include phone numbers that connect victims to scammers posing as support agents. The scammers use social engineering to extract credentials, payment card details, and OTPs, or trick victims into installing remote access software. This callback phishing method is considered more effective than email-based fraud because users inherently trust the Shop app. No evidence of a compromise at Shopify or the impersonated companies has been found, and the exact delivery mechanism for the fake receipts remains unclear. Users are advised not to call numbers on suspicious receipts and to verify charges directly with their bank.