Certificate of authenticity on Shopify (no NFTs, no wallets)

What is a certificate of authenticity, actually?

A certificate of authenticity (COA) is a statement that a specific item is genuine and was made by who the seller says made it. Galleries have used paper COAs for decades. The art world runs on them. So does jewelry, autographed memorabilia, signed prints, watches, and a long list of craft goods. The format does not matter much. What matters is that the buyer can verify the piece they hold is the one the document describes, and that the document is hard to fake.

For physical goods, the modern version of a COA is a URL. You print the URL (or a QR code that resolves to it) on a small card, foil sticker, or hangtag. The buyer scans, lands on a page that shows the piece details (origin, materials, edition number, studio, year), and the page itself is the proof. If someone tries to sell a fake of your product, the fake cannot point at your hosted page. Your page is the source of truth. A COA is one specific implementation of a broader category, see the complete provenance certificates guide for the four implementation approaches and the EU regulatory shift.

Why did NFT certificates become popular, then quietly disappear?

Around 2021 to 2023 the standard advice for "how do I add a certificate of authenticity to my Shopify store" was to mint an NFT for each piece. A handful of apps offered this. Some brands tried it. The pitch was clean: an NFT is unique, transferable, and lives on a blockchain that nobody owns.

The problem showed up immediately on the buyer side. To view their certificate, a buyer had to:

1. Install MetaMask, Phantom, or another wallet
2. Understand seed phrases, gas fees, and chain selection
3. Pay a transaction fee or accept the merchant paying it
4. Trust that the chain would still exist in five years

For a jewelry buyer who just bought a ring, this is friction the merchant cannot defend. The buyer wants to see a webpage that confirms the ring is real. They do not want to install a wallet for it. So the install rate dropped, the certificate stopped being a useful feature, and most merchants either removed it or pretended it was still there.

For more on what the EU regulators decided about blockchain provenance, see DPP vs blockchain provenance for fashion, craft and luxury brands.

What does a wallet-free COA look like on Shopify?

A wallet-free COA is the simplest design that works. Three components:

• A unique URL per piece. Something like yourstore.com/products/{handle}?view=provenance&edition=III&token=hf7k2m9bpx. The token is a random string the merchant generates at edition creation, not the order number, not a sequential ID, not anything an outsider can guess.
• A QR code that encodes the URL. Printed on a small card, sticker, foil hangtag, or directly on the packaging. The buyer scans with the camera, lands on the page.
• A hosted certificate page. Shows the piece details (origin, materials, edition number, total run, studio, year), the date the certificate was generated, and a visible verification badge. No login. No wallet. No third-party site.

That is the whole experience for the buyer. They scan, they see, they put the card back in the box.

Which industries benefit most from a COA per piece?

A COA is most useful when one or more of these are true: items are numbered, items are hand-finished, items command a premium price, items are at risk of being faked, or items will be resold. Some examples:

• Jewelry and watches. Numbered editions, hand-finished pieces, hallmark-equivalent provenance. The classic COA use case.
• Art and prints. Limited edition prints (25, 50, 100 copies), originals, signed pieces. Galleries already expect a COA, so digital is a natural upgrade.
• Streetwear and sneakers. Drop culture relies on scarcity. A scannable COA per pair or per shirt makes the resale market trust the piece.
• Craft goods. Leather, ceramics, woodwork, knives, small batch goods. Buyers love provenance, makers love telling the story.
• Wine, spirits, collectibles. Bottle-level numbering, batch authentication, age verification.
• Music merch and vinyl. Numbered pressings, signed copies, tour merch with edition counts.
• Furniture and design objects. Limited production runs from named studios, plaque-level provenance.

If your products fit any of these, a per-piece COA changes how buyers experience what they bought. They get a tangible proof on day one, and an unfakeable reference if they ever want to resell.

How do you handle returns and revocation?

This is the question most COA conversations get wrong. If a buyer returns the piece, the certificate must stop working. Otherwise the returned piece floats in the resale market with a "valid" certificate while you also ship a new certificate to the next buyer.

The correct flow:

1. Buyer returns the piece
2. You mark the edition as revoked in the admin
3. The old certificate URL renders a "Certificate revoked" page (not a 404, not a redirect, a clear revocation page)
4. The edition number goes back to available
5. When the next buyer purchases the piece, a fresh token is generated, the URL changes, and the old QR code stops resolving to a valid certificate

A good COA app handles this automatically. If you build this yourself, plan for it on day one. Returns happen. So do exchanges, gifts gone wrong, and full refunds. The certificate flow has to follow the piece, not the order.

What does it cost to run a COA on Shopify?

Three cost models exist in the market:

• Per-certificate fees. $0.50 to $5 per certificate, often labeled as "minting cost" or "issuance cost". This was the NFT-era pricing. At any meaningful volume it becomes expensive and the marginal cost is not zero, so it caps your edition counts.
• Per-store flat fee. A monthly tier price ($30 to $100 typically) that covers unlimited certificates. The marginal cost of one more certificate is zero. This is the fair model for any merchant generating more than a few certificates a month.
• Build it yourself. A custom hosted page on your storefront, a metafield per product, a QR generator, and a token system. Possible, but you become responsible for token uniqueness, revocation, mobile rendering, GDPR for visitor data, and so on. Most merchants want to ship product, not maintain an internal certificate platform.

The flat-fee model is the only one that scales without punishing growth. If your app charges per certificate, you are effectively paying a tax on every successful sale that includes a COA.

How does Editioned do this?

Editioned generates a unique token per edition, hosts the certificate page on your own storefront via a Shopify theme app extension, and prints a QR code per piece for shipping. The tokens are cryptographically random, not sequential, so nobody can enumerate other buyers' certificates by guessing URLs. When you revoke an edition, the old token dies and a new one is generated for the next buyer.

Pricing is flat-monthly with no per-certificate fees. A Studio merchant generating 100,000 certificates a year pays the same $99 a month as one generating 100. Every new install starts with 30 days of full Pro features unlocked, no card required, so you can try it on real products before deciding.

For technical detail on the token system, see the token security section on the homepage.

What about EU Digital Product Passport compatibility?

If you sell into the EU, the certificate format becomes a regulation question starting in 2027. The EU Digital Product Passport (DPP) under ESPR (Reg 2024/1781) becomes mandatory for batteries in February 2027, textiles around late 2028, electronics in the 2027 to 2028 window. The format the EU chose is JSON-LD with GS1 Digital Link QR codes, not blockchain.

The good news for any merchant running a wallet-free COA today: the EU's chosen format is essentially a structured version of what you already have. A hosted certificate URL with QR code maps cleanly into a DPP record. Editioned's Pro tier exports a CIRPASS-aligned JSON-LD record per edition, so the same certificates you ship today are DPP-ready for when the regulation reaches your sector.

For the sector-by-sector timeline, see EU Digital Product Passport timeline for Shopify merchants.

The short version

A certificate of authenticity on Shopify does not need a wallet, an NFT, a blockchain, or any per-certificate fee. It needs a unique URL, a QR code on a card, a hosted page that confirms the piece is real, and a revocation flow when pieces come back. That is the entire product. Pick a tool that does these four things for a flat monthly fee, and your buyers get a real certificate without having to install anything.