If you run a Shopify store with multiple staff members, installed apps, and Shopify Flow automations, you need an audit trail. Every day, data on your customers, orders, and products changes. Tags get added and removed. Metafields get overwritten. Segments shift.
The question is whether you can actually see what changed and when. Shopify gives you about half of an audit trail. The other half is a blind spot.
Does Shopify have an audit trail?
Partially. Shopify has a "timeline" feature on customer, order, and product detail pages. It records some events automatically: order status changes, emails sent, notes added by staff, refunds processed. For orders specifically, the timeline is quite good.
But the timeline has significant blind spots. It does not record tag changes. It does not record metafield changes. It does not tell you which app triggered a mutation. And it does not give you a centralized log across your entire store.
Here is what Shopify tracks versus what it does not:
| Event | Tracked by Shopify? | Details provided |
|---|---|---|
| Order status changes | Yes | Timestamp, staff member |
| Refunds and returns | Yes | Amount, reason, staff member |
| Emails sent to customer | Yes | Template name, timestamp |
| Notes added | Yes | Content, staff member |
| Customer tag changes | No | Not recorded |
| Product tag changes | No | Not recorded |
| Order tag changes | No | Not recorded |
| Metafield value changes | No | Not recorded |
| Which app triggered a change | No | Not recorded |
| Shopify Flow actions | No | Run logs exist, but not on the resource timeline |
| Bulk operation changes | No | Not recorded per resource |
The pattern is clear. Shopify tracks financial and communication events well. It tracks data-level changes (tags, metafields, custom attributes) poorly or not at all.
Why the gaps matter
Missing audit data is not an abstract problem. It hits you in four concrete ways.
Debugging broken automations
You set up a Shopify Flow that adds a "wholesale" tag when a customer's total spend crosses $5,000. A week later you find 30 customers tagged "wholesale" who have spent under $500. What happened? Without an audit trail for tag changes, you have no way to trace the cause. Was it a different Flow? An app? A staff member doing a bulk edit?
Staff accountability
You have a team of five people editing customer records. Someone removes a "do-not-contact" tag from 40 customers. Those customers get an email campaign they opted out of. Who removed the tag? When? Shopify will not tell you.
App behavior verification
You install a loyalty app that writes to a loyalty_tier metafield. You also have a fulfillment app that reads that metafield. One day the values are wrong. Is the loyalty app writing bad data? Is the fulfillment app overwriting it? Without a change log on the metafield, you are guessing.
Compliance and record-keeping
If you operate in a regulated industry, you may need to demonstrate who changed what and when. Shopify's partial timeline is not sufficient for this. You need a full record of every mutation, including tags and custom data.
What a complete Shopify audit trail looks like
A complete audit trail captures three things for every change: what changed, when it changed, and who or what caused it.
For tags, that means recording the full tag list before and after every update. Shopify's customers/update webhook fires when tags change, but it only sends the current state. To know what was removed or added, you need to compare it against the previous snapshot you stored.
For metafields, the same principle applies. The webhook payload includes the current metafield values. To detect a change, you compare against your last known state and record the diff.
The "who" part is harder. Shopify webhooks do not include an app_id or staff_id that tells you which app or staff member triggered the change. This is a known limitation of the platform. You can track what changed and when, but attributing the cause requires inference or additional tooling.
Some approaches to attribution:
- Check the webhook header
X-Shopify-API-Versionfor clues about which integration sent the request - Correlate timestamps with Shopify Flow run logs
- Track admin activity timelines to match staff actions
- Monitor app-specific patterns (certain apps always write specific metafield keys)
None of these give you a perfect "this app did this at this time" record. But combined with a reliable change log, they get you close enough to debug most issues.
Building your own vs using an app
You can build a custom audit trail system. The basic architecture is straightforward: subscribe to Shopify webhooks (customers/update, orders/update, products/update), store snapshots, and compute diffs when new payloads arrive.
Here is what that actually requires:
- A webhook receiver that handles Shopify's HMAC verification and processes payloads
- A database to store snapshots and computed diffs for every resource you want to track
- Diff logic that compares incoming tag strings and metafield values against stored state
- Retry handling for when Shopify re-sends webhooks (they retry up to 19 times on failure)
- Deduplication because Shopify can send the same webhook event more than once
- Infrastructure that stays online 24/7, because missed webhooks mean missed changes
The trade-offs are real. Shopify webhook delivery is best-effort. If your endpoint is down for 48 hours, those webhooks are gone. Shopify will eventually remove your subscription if deliveries keep failing. You also need to handle webhook volume spikes during bulk operations, which can send thousands of payloads in seconds.
For a store running 10 apps and processing hundreds of orders a day, this is a meaningful infrastructure commitment. You need monitoring, alerting, and someone on call when the webhook receiver goes down at 2 AM.
The upside of building it yourself is full control. You decide what to track, how long to retain data, and how to query it. If you have an engineering team and specific requirements around data residency or integration with internal tools, a custom build may make sense.
For most stores, the maintenance cost outweighs the benefits. An app that handles the infrastructure, webhook reliability, and diff computation is a better use of your time.
How Beemlo fills the gap
Beemlo is a Shopify app that tracks tag and metafield changes on customers, orders, and products. It records what changed, the old value, the new value, and when.
It works as an embedded admin block, so you see the change history directly on the customer, order, or product page in your Shopify admin. No separate dashboard to check. No context switching.
A few things worth noting about the approach:
- Read-only permissions. Beemlo only requests the
read_customers,read_orders, andread_productsscopes. It never writes to your store data. - No PII storage. Beemlo stores tag and metafield diffs, not customer names, emails, or addresses.
- Webhook-based. Changes are captured via Shopify webhooks and processed in real time. The diff is computed on our end and stored as a structured log entry.
- Instant setup. Install the app, approve the permissions, and history starts recording. No configuration required.
Beemlo does not solve the attribution problem (which app caused a change), because Shopify's webhook system does not provide that data. What it does give you is a reliable, timestamped record of every tag and metafield change, which is enough to debug most issues and answer most "what happened?" questions.
Start tracking changes today
Beemlo records every tag and metafield change in your Shopify store. Free to install, no configuration needed.
Install Beemlo