Edge-native · Global · Secure

Your Shopify storefront,
secure and edge-fast.

Connect your custom headless site to Shopify without ever exposing your Storefront Access Token. We inject it at the edge, in milliseconds, from 330+ Cloudflare locations worldwide — or host the whole site for you.

Start free trial → ▶ See how it works

Edge Locations

<0ms

P99 Token Inject

Token Exposures

Uptime SLA

What We Offer

Two services.
One headless platform.

Use just the API proxy and bring your own hosting, or let us host everything. Either way, your Storefront Access Token stays sealed on our edge.

🔒

Secure API Router

Point your custom storefront at our edge endpoint instead of Shopify directly. We decrypt your Storefront Access Token in-memory at the Cloudflare PoP nearest your shopper, inject it into the request, and forward to Shopify's GraphQL API. The token never reaches the browser.

Token injected at the edge — never shipped to the client
AES-GCM encryption with KEK/DEK key separation
KV-cached config for sub-millisecond lookup
Full Storefront GraphQL passthrough (queries + mutations)
Per-request audit log with Cloudflare ray ID

🌐

Edge Storefront Hosting

Hand us your built storefront and we'll deploy it as an isolated tenant on Cloudflare Workers for Platforms. Static assets live in your own R2 bucket; your custom domain runs through Cloudflare for SaaS. Always-warm, always-near your shopper.

Per-tenant Workers for Platforms isolation
Custom hostname & automatic TLS via Cloudflare for SaaS
Per-tenant R2 storage for static assets
Zero cold-starts — warm at every edge node
API Router bundled — one platform, one bill

Why StorefrontProxy

Built for the three things
that matter most.

Security you can hand to an auditor. Speed your shoppers notice. Onboarding measured in minutes.

Secure by default

Your Storefront Access Token is encrypted with a KEK held in Cloudflare Secrets Store. It's only ever decrypted in worker memory — never logged, never returned to a browser, never at rest on disk in plaintext.

Edge-fast everywhere

Requests terminate at the Cloudflare PoP closest to your shopper — over 330 cities worldwide. Token injection adds under 5ms at the P99. Read queries are cached at the edge for instant repeat lookups.

Simple to onboard

Give us your Shopify domain and Storefront Access Token. Point your storefront at our edge endpoint (or hand us your build). You're serving requests in under 10 minutes — with rotation, billing, and observability built in.

Request Flow

From browser to Shopify
in milliseconds.

Every storefront API call follows the same secure path through our edge.

Request hits the edge

Your shopper's browser sends a GraphQL request to your custom domain. Our Edge Worker intercepts it at the nearest Cloudflare PoP and looks up your storefront config from KV in microseconds.

Token decrypted in-memory

The worker pulls your encrypted Storefront Access Token from KV, decrypts it with AES-GCM using a KEK held in Cloudflare Secrets Store, and injects it into the upstream request. Nothing is logged.

Proxied to Shopify, cached

The request is forwarded to Shopify's Storefront GraphQL API. Read responses are cached at the edge for subsequent requests. Every call is written to a per-tenant audit log with the Cloudflare ray ID.

Architecture

A clean split between
edge and source-of-truth.

All live traffic stays on the Cloudflare edge. Customer data and billing live in our hardened Azure SQL source-of-truth. The two planes only sync on configuration changes.

Your Shopify storefront, secure and edge-fast.

Two services. One headless platform.