Platform Overview
What the Whatalo Plugin Platform is, what you can build, and how distribution works.
What is the Plugin Platform?
The Whatalo Plugin Platform lets developers extend the Whatalo admin with custom web applications. Each plugin runs in a sandboxed iframe in the admin sidebar and communicates with the host via the App Bridge — a postMessage protocol in @whatalo/plugin-sdk.
You host your plugin on your own infrastructure. Whatalo never runs your code on its servers. You own your deployment, your data pipeline, and your stack.
What Plugins Can Do
Admin UI Extension
Each plugin can register one or more full-page views in the admin sidebar. Pages are defined in the manifest (whatalo.app.ts) under adminUI.pages. The store owner navigates to your plugin by clicking its name in the sidebar.
Sidebar
├── Orders
├── Products
├── Integrations
│ └── My Analytics Plugin ← your plugin name (links to dashboard)
│ ├── Dashboard ← first page (default)
│ └── Reports ← additional pages expand belowStore Data Access via REST API
Plugins access store data through the Whatalo REST API using a scoped access token. The token is tied to the specific store where the plugin is installed.
The 15 available permission scopes are:
| Scope | Description |
|---|---|
read:products | List and retrieve products |
write:products | Create, update, and delete products |
read:orders | List and retrieve orders |
write:orders | Update order status and data |
read:customers | List and retrieve customers |
write:customers | Create and update customers |
read:inventory | Read inventory levels |
write:inventory | Adjust inventory |
read:store | Read store settings and configuration |
write:store | Update store settings |
read:webhooks | List webhook subscriptions |
write:webhooks | Create and delete webhook subscriptions |
read:discounts | List and retrieve discount codes |
write:discounts | Create and manage discount codes |
read:analytics | Access analytics and reporting data |
Only request the scopes your plugin actually needs. Store owners see the permission list during installation and can reject plugins that request excessive access.
Real-Time Events via Webhooks
Plugins subscribe to webhook events in their manifest. Whatalo delivers HTTP POST requests to your webhookUrl when events occur in the store.
The 13 supported events:
| Event | When it fires |
|---|---|
order.created | A new order is placed |
order.updated | Order data changes |
order.status_changed | Order moves to a different status |
order.cancelled | An order is cancelled |
product.created | A new product is added |
product.updated | Product data changes |
product.deleted | A product is removed |
customer.created | A new customer record is created |
customer.updated | Customer data changes |
inventory.low | Stock drops below a threshold |
inventory.adjusted | Inventory level is manually changed |
app.installed | Store owner installs your plugin |
app.uninstalled | Store owner uninstalls your plugin |
Admin Actions via App Bridge
From inside your plugin iframe, you can trigger actions in the admin host using the App Bridge:
- Toast notifications — show success, error, warning, or info banners
- Navigation — send the admin to any internal path (
/store/...) - Modals — open a secondary iframe overlay from your own origin
- Resize — report your content height so the admin manages scroll naturally
Billing and Monetization
You can charge for your plugin using subscription plans defined in the Developer Portal. Plans support:
- Monthly and annual billing intervals
- Free trial periods (days configurable per plan)
- Multiple tiers (e.g., Basic, Pro, Enterprise)
- Upgrade, downgrade, and cancellation flows — all handled by the host via App Bridge billing actions
Whatalo collects payment from the store owner and pays you out on a regular schedule, after deducting the platform commission.
Distribution
| Mode | Description |
|---|---|
| Private | Install directly from your Developer Portal dashboard — no review required. For testing or internal tooling. |
| Public | Submit for review. Once approved, your plugin is listed in the marketplace for any Whatalo store to find and install. |
The Development Lifecycle
npx create-whatalo-plugin
↓
whatalo login
↓
whatalo dev ← live dev session with tunnel + sidebar preview
↓
Edit & iterate ← manifest changes sync automatically
↓
whatalo validate ← config, deps, security checks
↓
whatalo deploy ← submit version to Developer Portal
↓
Request review ← via Developer Portal dashboard
↓
Listed in marketplace ← once approvedNext Steps
- Plugin Architecture — how the iframe and bridge work technically
- Prerequisites — what you need to install
- Build Your First Plugin — follow the full tutorial