How Vitals discounts are applied from the Cart page to Checkout
Our app uses the actual product prices of a shop instead of directly converting the cart prices using the currency rate we receive from the storefront. This is to protect shop owners and merchants from potential fraud attempts since our discount APIs are public. Thus, if the price of a product changes for whatever reason there may be (such as due to Shopify's
International Pricing features and
location-based tax settings), our discounts won't be applied anymore.
To create discount codes that are applied on Shopify's Checkout, we use Shopify's PriceRules API. This API functions similarly to the "Discounts" section, where you can create Shopify Discounts from the Shopify Admin. All sums of money (discounts, minimum variant amount, etc.) need to be sent through the API using a shop's default currency. One of the validations we use when creating discounts is sending the minimum amount that needs to be present at checkout for the discount. This helps eliminate hacks/abuses by ensuring that discount codes can't be used in situations other than strictly those that qualify for a specific discount offer.
This API is publicly accessible, so anyone can use it to generate price rules. And so, if we are not very strict with the discount process, abusive clients could potentially generate themselves discounts that would be applicable even after they remove a product from the cart.