Skip to main content

Custom Integrations — Extensions

Custom Integrations are how you make Galactic Core work the way your business does. There are two ways to build one, and this page covers the platform-native path — Extensions — where Galactic Core does the plumbing for you. (The other path, running your own service entirely outside the platform and driving it over the API, is Bring Your Own Compute — reach for it when an Extension doesn’t cover what you need.) With Extensions there are two things you can build:

Automations

React to a store event — order.paid, product.stock_low, cart.abandoned — with a no-code recipe or a small custom function. “When X happens, call my system / sync a field / send a message.”

Custom Providers

Become the implementation Galactic Core calls for a capability — Email, SMS, Marketing, Tax, Shipping rates, Sales channels, or Payments — standing in for the built-in integration.
Where extensions live: you create and manage extensions in your Tybrite dashboard under Settings → Extensions — not through the storefront API. A recipe builder, a code editor, a remote-endpoint registration form, and a live run-log debugger are all there.
Built-in integrations stay the default. A custom provider only takes over a capability once you explicitly select it for your store; until then, everything runs exactly as it does today.

The two building blocks

Automations

An automation runs after the fact, off a real store event, and never blocks anything. You author it two ways:
  • A recipe — a small, validated JSON graph (trigger → filter → transform → action) with no raw code. Ideal for the “notify my system / call an API on order.paid” case.
  • A custom function — a small handler when you need real logic.

Custom providers

A custom provider implements one of seven named interfaces and, when selected, is dispatched at that subsystem’s seam in place of the built-in path:
For single-active interfaces (Email, SMS, Tax, Marketing) selecting a custom provider replaces the built-in for that capability. Shipping adds a rate source next to the native ones; Sales channels are fully multi-active; Payments route per transaction, so your custom method runs alongside the native processors.
Advertising is a separate, platform-managed provider — you connect it rather than build it. See Advertising.

Execution modes: hosted vs remote

Every custom function and provider runs in one of two modes. The contract is identical — only where the code runs differs.

Hosted

You write a handler; Galactic Core runs it in an isolated sandbox. Your provider secrets are held in our secure vault and injected at run time. Nothing to deploy or operate.

Remote

You run an HTTPS endpoint on your own infrastructure. Galactic Core calls it with a signed request and expects the same return shape. Your provider secrets never leave your side.

Hosted handler

A hosted function is a single default-export handler. Galactic Core passes it the event (or, for sync hooks, the hook input) and a small, safe ctx:
The ctx surface is deliberately tiny — it’s the entire capability set: There is no database client, no API key, and no access to any other store’s data in ctx. If your function needs to change store data, it does so the same way any client does — ctx.fetch to the public API with your own key (supplied as a secret alias).

Remote endpoint

In remote mode, Galactic Core POSTs the same input a hosted handler would receive to your registered endpoint_url, and your endpoint returns the same shape a hosted handler would return. The request is signed so you can verify it came from Galactic Core: Verify every request before acting on it:
Timestamp / replay: requests carry a 5-minute freshness window — reject anything older. Retries: on a transient failure (a network error or a 5xx), Galactic Core retries the request once, re-signing with a fresh timestamp; a 4xx is treated as final and is not retried. Your endpoint_url must be HTTPS and publicly reachable — internal, link-local, and metadata addresses are rejected.

Provider contracts

Each interface operation receives an input (with an operation discriminator where it has more than one) and must return the shape below. This is the same whether you run hosted or remote. Money-bearing returns (payment status, rate amounts) are revalidated server-side — see Safety.
How this relates to the storefront API. Connecting a custom provider does not change the storefront API contract your app calls. A shopper’s storefront never sees “which provider handled this” — the provider is invoked internally behind the endpoints you already use:
  • Payments — you still call POST /v1/payments/initialize / verify exactly as before. The provider field already accepts any name, and the response shape is unchanged, so a custom payment provider just means a provider name outside the built-in set is handled instead of rejected. (The platform still validates the amount and re-checks the paid status.)
  • Tax — resolved server-side; it only affects the order’s tax_amount, which is already part of the order response.
  • Shipping — the one visible addition: GET /v1/shipping/calculate may return extra rates[] from your custom carrier and set rate_source to custom (see calculateShipping).
  • Email / SMS / Marketing / Sales channels — entirely off the storefront API (notification and sync internals); there’s nothing to call.
So the provider contracts above describe what your extension implements, not what the storefront API returns. The only storefront-API change in the whole feature is the shipping rate_source: custom value.

Triggers

Automations subscribe to the same event vocabulary as webhooks. The events that fire today:

Orders

order.created · order.paid · order.fulfilled · order.shipped · order.cancelled · order.updated · order.refunded

Payments

payment.succeeded · payment.failed · payment.refunded

Customers

customer.created · customer.updated

Products

product.created · product.updated · product.stock_low · product.out_of_stock

Gift cards

gift_card.issued · gift_card.redeemed · gift_card.expired

Carts & sync

cart.abandoned · feed.sync.completed · channel.sync.completed

Promotions

promotion.applied · promotion.created · promotion.activated · promotion.deactivated

Content & collections

collection.created · collection.updated · post.published · lookbook.published · review.approved

Store lifecycle

store.updated · payment_provider.connected · shipping_provider.connected · channel.connected

Feature availability

feature.status_changed (a capability crossed between available / awaiting_data / not_in_plan)
The store-lifecycle, content, and feature-availability triggers fire as the store grows — an automation can react to a promotion going live, a review being approved, or a licensed capability gaining its first data. See the Webhooks reference for each event’s payload.

Safety

Custom code can shape your store’s behavior without ever putting a sale at risk. The guarantees:

Automations never block

Automations run after the event that triggered them. A slow or failing automation can never delay or block checkout, an order, or any request.

Sync providers fail safely

A ShippingProvider or TaxProvider that errors or times out falls back to the native path — the sale continues. A PaymentProvider failure returns provider unavailable with no order created or changed — never a false “paid”.

Opt-in gates

order.validate is fail-open by default (a buggy rule never blocks sales). You can opt a specific gate into fail-closed when you need a hard compliance stop.

Galactic Core stays the authority

A custom provider’s claimed payment status and returned rate amounts are revalidated server-side and never trusted as final. The platform remains the price, payment, and ledger authority.
Every extension is also protected by a per-extension circuit breaker — after too many consecutive failures it is automatically disabled and you’re notified — and hard timeouts on any hot-path hook. Outbound requests from a hosted function are filtered to public destinations to prevent them reaching internal infrastructure.

Examples


Choosing your approach