search
Ctrlk
Install LocksmithContact us

Setting up checkout validation with Locksmith

Protect against bots, cart permalink exploits, and other unauthorized orders by requiring specific customer tags to purchase products with specific product tags.

circle-info

Checkout validation is great for preventing unauthorized purchases β€” stopping bots, restricting high-demand products to approved customers, or enforcing wholesale/access rules at the point of sale.

hashtag
How it works

Unlike Locksmith's locks and keys system β€” which controls access to storefront pages and content β€” checkout validation runs directly in checkout. This means it catches attempts to bypass storefront restrictions entirely, including direct-to-checkout links and cart permalink exploits. A tagged product cannot be purchased unless the customer has one of the required tags, regardless of how the cart was assembled.

Because checkout needs to remain fast and efficient, Locksmith's checkout validation is limited to tag-based rules and cannot evaluate your full suite of key conditions. For more complex access control, use Locksmith's locks and keys on the storefront side in addition to checkout validation. Checkout validations are just a way to add a layer of extra checkout protection and, outside of specific circumstances, are often unneeded.

Each rule targets up to two product tags and up to two customer tags. A product matches if it has either product tag; a customer passes if they have either customer tag. You can create up to 25 rules per store.

hashtag
Prerequisites

  • Locksmith installed on your store

  • Products tagged appropriately in Shopify

  • Customer tags set up for the customers you want to allow

hashtag
Step 1: Enable checkout validations in Locksmith

  1. Open the Locksmith app from your Shopify admin.

  2. Click Settings in the navigation.

  3. Scroll down to the Checkout validations section.

  4. Check Enable checkout validations.

  5. Click Save.

After saving, Locksmith will prompt you to approve the write_validations permission. This is required for Locksmith to create and manage checkout rules in Shopify.

circle-exclamation

Any existing Locksmith checkout validation rules (created via an older version of Locksmith) will be automatically removed when you grant this permission. You will need to recreate them here in the Locksmith settings UI. Checkout rules created by other apps or directly in the Shopify admin are not affected.

hashtag
Step 2: Add a validation rule

Once the permission is approved and you return to the Settings page:

  1. Under Checkout validations, click Add checkout validation.

  2. Fill in the rule:

    • Product tags β€” the tag (or tags, comma-separated) on products that require validation. For example: wholesale-only or restricted, members-only.

    • Customer tags β€” the tag (or tags, comma-separated) a customer must have to be allowed through. For example: wholesale or approved, vip.

    • Error message (optional) β€” the message shown to blocked customers. You can use {{product_title}} to include the product name. Leave blank to use the default message.

  3. Make sure Active is checked.

  4. Click Done.

  5. Click Save at the top of the page.

circle-info

Each field supports up to two comma-separated tags. If you enter more, only the first two will be used.

hashtag
Step 3: Test your rule

Use a private browsing session (without the customer tag) to verify the rule blocks checkout, and a second test with an account that has the tag to confirm it passes through.

How to use a private browsing session

hashtag
Managing rules

  • Rules can be toggled on or off individually using the Active checkbox without deleting them.

  • Click Edit on any rule to update tags or the error message.

  • Click Delete to remove a rule entirely.

  • You can have up to 25 rules active at once (a Shopify platform limit across all apps).

PreviousLocking the home pageNextRestricting access to payment methods with Locksmith

Last updated

Was this helpful?