# Setting up checkout validation with Locksmith

{% hint style="info" %}
Checkout validation is great for preventing unauthorized purchases — stopping bots, restricting high-demand products to approved customers, or enforcing wholesale/access rules at the point of sale.
{% endhint %}

## How it works

Unlike Locksmith's locks and keys system — which controls access to storefront pages and content — checkout validation runs directly in checkout. This means it catches attempts to bypass storefront restrictions entirely, including direct-to-checkout links and cart permalink exploits. A tagged product cannot be purchased unless the customer has one of the required tags, regardless of how the cart was assembled.

Because checkout needs to remain fast and efficient, Locksmith's checkout validation is limited to tag-based rules and cannot evaluate your full suite of key conditions. For more complex access control, use Locksmith's locks and keys on the storefront side in addition to checkout validation. Checkout validation is an extra layer of protection at checkout and, outside of specific circumstances, is often unnecessary.

Each rule targets up to two product tags and up to two customer tags. A product matches if it has **either** product tag; a customer passes if they have **either** customer tag. You can create up to 25 rules per store.

## Prerequisites

* **Locksmith** installed on your store
* Products tagged appropriately in Shopify
* Customer tags set up for the customers you want to allow

## Step 1: Enable checkout validations in Locksmith

1. Open the **Locksmith** app from your Shopify admin.
2. Click **Settings** in the navigation.
3. Scroll down to the **Checkout validations** section.
4. Check **Enable checkout validations**.
5. Click **Save**.

After saving, Locksmith will prompt you to approve the **write\_validations** permission. This is required for Locksmith to create and manage checkout rules in Shopify.

{% hint style="warning" %}
Any existing Locksmith checkout validation rules (created via an older version of Locksmith) will be automatically removed when you grant this permission. You will need to recreate them here in the Locksmith settings UI. Checkout rules created by other apps or directly in the Shopify admin are not affected.
{% endhint %}

## Step 2: Add a validation rule

Once the permission is approved and you return to the Settings page:

1. Under **Checkout validations**, click **Add checkout validation**.
2. Fill in the rule:
   * **Product tags** — the tag (or tags, comma-separated) on products that require validation. For example: `wholesale-only` or `restricted, members-only`.
   * **Customer tags** — the tag (or tags, comma-separated) a customer must have to be allowed through. For example: `wholesale` or `approved, vip`.
   * **Error message** *(optional)* — the message shown to blocked customers. You can use `{{product_title}}` to include the product name. Leave blank to use the default message.
3. Make sure **Active** is checked.
4. Click **Done**.
5. Click **Save** at the top of the page.

{% hint style="info" %}
Each field supports up to **two** comma-separated tags. If you enter more, only the first two will be used.
{% endhint %}
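
The matching behaviour described above (either-tag matching and the two-tag limit per field), modelled in JavaScript as an added example; it is not Locksmith's code. The function names, the exact-match tag comparison, the one-error-per-cart-line result and the default-message placeholder are assumptions.

```javascript
// Added illustration of the documented rule semantics; not Locksmith's code.
// Assumptions: tags compare exactly after trimming; one error per blocked cart line.
const MAX_TAGS_PER_FIELD = 2; // "only the first two will be used"
const DEFAULT_MESSAGE = "<default message>"; // placeholder; the real text is not documented here

// Parse a comma-separated tag field, keeping only the first two tags.
function parseTagField(field) {
  return field.split(",").map((t) => t.trim()).filter(Boolean).slice(0, MAX_TAGS_PER_FIELD);
}

function makeRule({ productTags, customerTags, errorMessage = "", active = true }) {
  return {
    productTags: parseTagField(productTags),
    customerTags: parseTagField(customerTags),
    errorMessage,
    active,
  };
}

// Return the error messages a checkout would produce for this cart and customer.
// customerTags is [] for a guest or a customer with no tags.
function validateCheckout(rules, cartLines, customerTags) {
  const errors = [];
  for (const rule of rules.filter((r) => r.active)) {
    const customerPasses = rule.customerTags.some((t) => customerTags.includes(t));
    if (customerPasses) continue; // customer has either required tag
    for (const line of cartLines) {
      const productMatches = rule.productTags.some((t) => line.tags.includes(t));
      if (!productMatches) continue; // product has neither rule tag
      const template = rule.errorMessage || DEFAULT_MESSAGE;
      errors.push(template.split("{{product_title}}").join(line.title));
    }
  }
  return errors;
}

// Constructed sample data.
const rules = [
  makeRule({
    productTags: "restricted, members-only, clearance", // third tag is dropped
    customerTags: "approved, vip",
    errorMessage: "{{product_title}} is limited to approved customers.",
  }),
];
const cart = [
  { title: "Trade Pack", tags: ["members-only"] },
  { title: "Sale Mug", tags: ["clearance"] },
  { title: "Sticker", tags: [] },
];
```

With this constructed data, a customer without `approved` or `vip` is blocked only for Trade Pack: Sale Mug carries only the third product tag, which the rule ignores, so it would need its own rule to be protected.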

## Step 3: Test your rule

Use a private browsing session (without the customer tag) to verify that the rule blocks checkout, then run a second test with an account that has the tag to confirm that checkout goes through.

[How to use a private browsing session](/tutorials/more/how-to-use-a-private-browsing-session.md)

## Managing rules

* Rules can be toggled on or off individually using the **Active** checkbox without deleting them.
* Click **Edit** on any rule to update tags or the error message.
* Click **Delete** to remove a rule entirely.
* You can have up to **25 rules** active at once (a Shopify platform limit across all apps).


