How to connect a self-hosted Baserow to Shopify
A self-hosted Baserow gives you full control of your data — you just need to make it reachable from the internet so Baseify can sync into it. Here's exactly how, and whether you need to open a port.
Using Baserow Cloud (api.baserow.io)? You can skip this guide — it’s already reachable. Just enter https://api.baserow.io as your Base URL when you connect Baserow. Everything below is for people running their own Baserow server.
Does my self-hosted Baserow need to be public?
Yes — but only in the sense that Baseify must be able to reach it. Baseify is a hosted Shopify app: when something changes in your store, Baseify’s servers call your Baserow’s API over the internet to write the row. That means your Baserow has to answer requests from outside your own network, at an HTTPS address with a valid certificate.
It does not mean your data is exposed to the world: every request carries your database token, and without it Baserow refuses to do anything. Think of the URL as a locked front door — anyone can walk up to it, but only your token has the key.
Whatever public HTTPS address you set up below is exactly what you paste into Baseify’s Base URL field, for example https://baserow.yourcompany.com. There’s no special format and, in the normal case, no port number in the URL.
Open a port, or use a tunnel
Both give you a clean https://… URL. The difference is whether you accept inbound connections directly, or let a tunnel service carry them for you.
Reverse proxy + open port 443
Run Baserow behind a proxy that has a real certificate (Caddy, nginx, or Traefik with Let’s Encrypt) and open inbound port 443 on your server or router. This is the standard setup for a VPS or an always-on server with a public IP and a domain you control.
Best when: you already run a public-facing server and are comfortable managing certificates and firewall rules.
A tunnel — no open port
A tunnel service such as Cloudflare Tunnel makes an outbound connection from your network and gives you a stable HTTPS hostname. No inbound port is opened at all, and the certificate is handled for you.
Best when: Baserow runs behind NAT, on a home network, or behind a firewall you can’t (or don’t want to) open.
Connect it in four steps
Give Baserow a public HTTPS address
Baseify runs in the cloud and reaches your Baserow over the public internet, so it must be available at an HTTPS URL with a valid TLS certificate. A plain http:// address, a private LAN IP like 192.168.x.x, or a self-signed certificate will be rejected. Pick one of the two approaches below to get that address.
Point Baserow's public URL at the same address
Set Baserow’s own BASEROW_PUBLIC_URL to the exact HTTPS URL you chose (for example https://baserow.yourcompany.com). If this doesn’t match, Baserow can reject the request before it reaches the API — the most common reason a connection looks reachable but won’t verify.
Create a scoped database token
In Baserow, create a database token with create, read, update and delete permission on just the destination database — not an admin-level token. This token is what protects your data, since the endpoint is reachable from the internet. Baseify encrypts it at rest and only ever shows its last four characters.
Connect it in Baseify
In the Shopify app, open the Baserow tab and add a connection: paste your public Base URL and the database token, give it a name, and click Save & test. A green check means Shopify data will start flowing into your Baserow. (Optionally add account credentials to browse your tables and fields inside the app.)
Troubleshooting
The connection won’t verify, but Baserow is running
Almost always a URL mismatch. Confirm Baserow’s BASEROW_PUBLIC_URL is set to the same HTTPS address you entered as the Base URL. If a reverse proxy or tunnel forwards a different host than Baserow expects, Baserow answers with a 404 “Site not found” before the request reaches the API.
A certificate or TLS error
Baseify requires a valid, publicly-trusted certificate. Self-signed certificates and expired or hostname-mismatched certificates are rejected. A reverse proxy with Let’s Encrypt, or a tunnel that terminates TLS for you, resolves this.
“Permission denied” writing rows
Your database token needs create / read / update / delete on the destination database. Re-check its scope in Baserow, re-test the connection, then retry the failed events from the event log.
It works from my browser but not from Baseify
A URL that only resolves on your local network or VPN won’t work — Baseify connects from the public internet. Verify the address resolves and responds from an outside network (for example, from your phone on cellular data).
Baserow Cloud (api.baserow.io) is public and certificate-ready out of the box — no proxy, ports, or certificates to manage. You can always move to self-hosting later; Baseify treats both the same way.
Related: Self-hosted Baserow in the docs · Connecting Baserow · FAQ