Features
Everything You Need for B2B Sales Through Agents
39 features across three apps — admin, mobile and customer app — engineered to live entirely inside Shopify.
Admin · Shopify admin
16 features for the back-office
Embedded in your Shopify admin. No new tab, no new login, no new database.
Sales rep accounts
Create, suspend, and audit agent logins with role-based access.
Territory assignment
Assign agents to geographies, accounts or product lines.
Commission rules
Flat %, tiered, hybrid. Per agent, collection or customer segment.
Commission statements
Auto-generated PDF/CSV, exportable to payroll.
B2B company management
Native sync with Shopify B2B companies and locations.
Custom price lists
Per company, per channel, with start/end dates.
Discount engine
Volume tiers, mix-and-match, customer-specific.
Sales analytics
Revenue, margin, agent leaderboard, customer retention.
Sales targets
Monthly/quarterly quotas with progress tracking.
Bulk customer import
CSV import with field mapping & validation.
Catalog rules
Hide products by region, channel or company.
Quote approvals
Set thresholds requiring manager sign-off.
Notifications & alerts
Email/SMS/Slack on key events.
Audit log
Every change tracked, exportable for compliance.
Data export
CSV, JSON, scheduled deliveries to S3/SFTP.
Multi-language UI
Admin in 8 languages, switchable per user.
Agent · app
16 features for field reps
Mobile-first. Native iOS + Android. Works offline. Built for selling, not for admin.
Catalog browse
Visual grid, search, collection filters.
Offline mode
Catalog, prices and customers cached locally.
Cart builder
Multi-customer carts, parked sessions.
Quote generation
PDF quotes sent in one tap.
Draft order placement
Direct to Shopify — no re-keying.
Live commissions
Real-time earned + pending visibility.
Customer map
Plan visits by geography & cadence.
Visit logging
Notes, photos, follow-ups.
Order history
Per customer, with one-tap reorder.
Personal dashboard
MTD revenue, vs target, top SKUs.
Barcode scanner
Scan SKU to add to cart.
Product photos
High-res images cached for showroom.
Lookbooks
Curated collections for buyer presentations.
Size-curve grids
Fashion-friendly variant matrix entry.
Reorder suggestions
Based on customer cadence & depletion.
Localized app
Agent-side UI in 8 languages.
Customer app · Add-on
5 features for self-service B2B customers
Self-service catalog & reorder
Customers browse their personalized catalog and reorder without calling.
Shipment tracking
Live tracking pulled from Shopify Shipping.
Invoice history
Download PDF invoices, see payment status.
White-label customization
Custom domain, logo, colors, fonts, translations.
Multi-buyer per company
Approval workflows, spend limits per user.
New · April 2026
Built for the field, not the office.
Eight new capabilities shipped this quarter — covering offline reality, multi-currency selling, and the small UI details that decide whether agents actually use the app.
Offline mode
Catalog cache + cart submit queue. Field reps can build orders without signal — everything syncs on reconnect.
Multi-currency
Intl.NumberFormat for prices in agent's locale + customer's currency. No rounding surprises.
Address Autocomplete
Google Places integration for new B2B customer creation. Validated address, structured fields.
Manager bulk territory actions
Reassign zones across the team in one operation. No more 40-click reorgs.
Granular notification preferences
5 toggles per agent: orders, refunds, quotes, discounts, territories. Each agent tunes their own noise.
In-app refund workflow
Manager-gated refunds without leaving Soryk. Audit log entry on every action.
BottomSheet UI
Native iOS/Android bottom sheets with safe-area awareness. Feels like the platform, not a wrapper.
Catalog filters multi-select
Dropdown UI with multi-select chips, configured from Shopify admin. No code changes to add filters.
Desktop web (Expo Web)
Same codebase deployable as a desktop web app via Expo Web — bonus for teams that want desktop access too.
Integrations
Plays nicely with your stack
Security & Compliance
Built for enterprise trust
GDPR by design
EU data residency, DPA on request, no PII outside Shopify.
OAuth via Shopify
Google + Microsoft Workspace, standard at every tier. No SAML/Okta add-on.
Two-factor authentication
TOTP-based, enforceable per role.
Audit log
Every action immutably logged for compliance.
Frankfurt & Dublin AWS regions only.
Best-effort 99.5% uptime
Monitored 24/7. No contractual SLA — we're indie and honest about it.
Privacy & Architecture
Stateless. Zero PII hosted. GDPR-coherent by design.
Soryk is stateless. The only data we host is the OAuth shop token. Everything else lives in your Shopify store — companies, orders, commissions, audit log. No DPA dance for B2B customer data.
Stateless architecture
JWT-signed everything, no Redis lookups for hot paths.
Zero PII hosted by Soryk
Data lives in Shopify metaobjects only. We don't see it.
OAuth shop tokens
The only data we hold — explicitly documented, encrypted at rest.
GDPR-coherent by design
No DPA dance for B2B data — there's nothing on our side to process.
In-memory LRU caches
No external state. Process-local caches that warm fast and die clean.
Quote URLs as JWTs
Quote payloads encoded as JWT-signed tokens — no DB lookup needed.
Production · April 2026
Built for production at scale
23 hardening items shipped this quarter — the kind of plumbing that decides whether a B2B app survives its first 10,000-order shop. None of it is marketing surface. All of it is in the audit log.
JWT secret rotation
Documented zero-downtime key rotation. Old tokens stay valid through a configurable grace window while new ones are issued under the rotated secret.
grace-window · dual-key verify · runbook included
Rate-limited authentication
Upstash sliding-window across login surfaces: 5 attempts/identity, 30/IP, 5-min window. Admin payments capped at 60/min/shop.
agent · buyer · admin · per-identity + per-IP
Immutable audit log
Every write is mirrored on Redis as an append-only stream (lpush + ltrim 5000). Orphan detection flags tampering attempts on the primary store.
redis · append-only · drift alerts
Tag injection prevention
Every tag passes through sanitizeTagValue() — lowercased, special chars replaced, non-alphanum stripped. Customer/order tags can't be hijacked into selectors.
single chokepoint · validated at write
Buyer ownership enforcement
Middleware on every buyer API verifies companyId against the JWT. Cross-tenant data leaks are structurally impossible — verified, not promised.
zero cross-tenant · 100% endpoint coverage
Commission engine · O(1)
Pre-built companyId→agents[] index plus an email→agent map (raw + sanitized) replaces the legacy O(orders × agents) fallback. Scales smoothly to 10,000+ orders/shop.
indexed lookup · constant per order
Analytics cache
Sliding Upstash cache: 60s on the live preset, 5 min on custom date ranges. Refund-created webhooks invalidate the relevant slice instantly.
live · custom · webhook-invalidated
Push notifications · end-to-end
push notifications with secure push tech, dead-subscription pruning, service-worker push + click handlers, and an auto-registrar that mounts a subscription if the permission is already granted.
· SW listener · auto-registrar · toggle
Geo territory · circles + polygons
Irregular zones: Haversine-based circles plus ray-casting polygons. Mix-and-match coverage maps without rewriting territory boundaries every quarter.
haversine · ray-cast · per-zone
AI territory audit · Opus 4.7
Claude Opus 4.7 with effort=xhigh and a strict JSON schema reviews coverage, manager hierarchies and even region-name spelling drift before commission cycles close.
structured-output · hierarchy · drift detection
Error i18n · stable codes
lib/errors/codes.ts + useErrorMessage() ship every error as a stable code resolved against EN/IT dicts on the client. No more "Internal server error" leaking to a buyer.
stable codes · EN / IT dicts · client-resolved
Idempotent payments & refunds
Commission payouts reject duplicate orderIds with HTTP 409. Refund webhooks dedupe on orderId+paymentId. Replays are safe by design.
409 · dedup · replay-safe