Custom Integrations — Extensions
Custom Integrations are how you make Galactic Core work the way your business does. There are two ways to build one, and this page covers the platform-native path — Extensions — where Galactic Core does the plumbing for you. (The other path, running your own service entirely outside the platform and driving it over the API, is Bring Your Own Compute — reach for it when an Extension doesn’t cover what you need.) With Extensions there are two things you can build:Automations
React to a store event —
order.paid, product.stock_low, cart.abandoned — with a no-code recipe or a small custom function. “When X happens, call my system / sync a field / send a message.”Custom Providers
Become the implementation Galactic Core calls for a capability — Email, SMS, Marketing, Tax, Shipping rates, Sales channels, or Payments — standing in for the built-in integration.
Where extensions live: you create and manage extensions in your Tybrite dashboard under Settings → Extensions — not through the storefront API. A recipe builder, a code editor, a remote-endpoint registration form, and a live run-log debugger are all there.
The two building blocks
Automations
An automation runs after the fact, off a real store event, and never blocks anything. You author it two ways:- A recipe — a small, validated JSON graph (
trigger → filter → transform → action) with no raw code. Ideal for the “notify my system / call an API onorder.paid” case. - A custom function — a small handler when you need real logic.
Custom providers
A custom provider implements one of seven named interfaces and, when selected, is dispatched at that subsystem’s seam in place of the built-in path:For single-active interfaces (Email, SMS, Tax, Marketing) selecting a custom provider replaces the built-in for that capability. Shipping adds a rate source next to the native ones; Sales channels are fully multi-active; Payments route per transaction, so your custom method runs alongside the native processors.
Advertising is a separate, platform-managed provider — you connect it rather than build it. See Advertising.
Execution modes: hosted vs remote
Every custom function and provider runs in one of two modes. The contract is identical — only where the code runs differs.Hosted
You write a handler; Galactic Core runs it in an isolated sandbox. Your provider secrets are held in our secure vault and injected at run time. Nothing to deploy or operate.
Remote
You run an HTTPS endpoint on your own infrastructure. Galactic Core calls it with a signed request and expects the same return shape. Your provider secrets never leave your side.
Hosted handler
A hosted function is a single default-export handler. Galactic Core passes it the event (or, for sync hooks, the hook input) and a small, safectx:
ctx surface is deliberately tiny — it’s the entire capability set:
There is no database client, no API key, and no access to any other store’s data in
ctx. If your function needs to change store data, it does so the same way any client does — ctx.fetch to the public API with your own key (supplied as a secret alias).
Remote endpoint
In remote mode, Galactic Core POSTs the same input a hosted handler would receive to your registeredendpoint_url, and your endpoint returns the same shape a hosted handler would return. The request is signed so you can verify it came from Galactic Core:
Verify every request before acting on it:
Timestamp / replay: requests carry a 5-minute freshness window — reject anything older. Retries: on a transient failure (a network error or a
5xx), Galactic Core retries the request once, re-signing with a fresh timestamp; a 4xx is treated as final and is not retried. Your endpoint_url must be HTTPS and publicly reachable — internal, link-local, and metadata addresses are rejected.Provider contracts
Each interface operation receives aninput (with an operation discriminator where it has more than one) and must return the shape below. This is the same whether you run hosted or remote. Money-bearing returns (payment status, rate amounts) are revalidated server-side — see Safety.
How this relates to the storefront API. Connecting a custom provider does not change the
storefront API contract your app calls. A shopper’s storefront never sees “which provider handled
this” — the provider is invoked internally behind the endpoints you already use:
- Payments — you still call
POST /v1/payments/initialize/verifyexactly as before. Theproviderfield already accepts any name, and the response shape is unchanged, so a custom payment provider just means a provider name outside the built-in set is handled instead of rejected. (The platform still validates the amount and re-checks the paid status.) - Tax — resolved server-side; it only affects the order’s
tax_amount, which is already part of the order response. - Shipping — the one visible addition:
GET /v1/shipping/calculatemay return extrarates[]from your custom carrier and setrate_sourcetocustom(seecalculateShipping). - Email / SMS / Marketing / Sales channels — entirely off the storefront API (notification and sync internals); there’s nothing to call.
rate_source: custom
value.Triggers
Automations subscribe to the same event vocabulary as webhooks. The events that fire today:Orders
order.created · order.paid · order.fulfilled · order.shipped · order.cancelled · order.updated · order.refundedPayments
payment.succeeded · payment.failed · payment.refundedCustomers
customer.created · customer.updatedProducts
product.created · product.updated · product.stock_low · product.out_of_stockGift cards
gift_card.issued · gift_card.redeemed · gift_card.expiredCarts & sync
cart.abandoned · feed.sync.completed · channel.sync.completedPromotions
promotion.applied · promotion.created · promotion.activated · promotion.deactivatedContent & collections
collection.created · collection.updated · post.published · lookbook.published · review.approvedStore lifecycle
store.updated · payment_provider.connected · shipping_provider.connected · channel.connectedFeature availability
feature.status_changed (a capability crossed between available / awaiting_data / not_in_plan)Safety
Custom code can shape your store’s behavior without ever putting a sale at risk. The guarantees:Automations never block
Automations run after the event that triggered them. A slow or failing automation can never delay or block checkout, an order, or any request.
Sync providers fail safely
A
ShippingProvider or TaxProvider that errors or times out falls back to the native path — the sale continues. A PaymentProvider failure returns provider unavailable with no order created or changed — never a false “paid”.Opt-in gates
order.validate is fail-open by default (a buggy rule never blocks sales). You can opt a specific gate into fail-closed when you need a hard compliance stop.Galactic Core stays the authority
A custom provider’s claimed payment status and returned rate amounts are revalidated server-side and never trusted as final. The platform remains the price, payment, and ledger authority.

