Certly
← All posts
7 min read

How to Collect Resale Certificates on Shopify (2026 B2B Guide)

A working guide to collecting, storing, and acting on US resale certificates for Shopify B2B and retail merchants — including the native levers, the DIY workflow, and the compliance traps.

If you sell wholesale or to businesses in the US, sooner or later a customer hands you a resale certificate and says "we shouldn't be paying sales tax." Cool. Now you need to actually do something with that PDF — and Shopify, despite being the platform you sell on, won't really tell you what.

This guide walks through the levers Shopify gives you natively, the DIY workflow most merchants end up cobbling together, and the compliance traps that catch people in audits. By the end you should know exactly what to set up and where it falls apart.

(Quick disclosure: this is Certly's blog. Certly is a Shopify app that productizes everything below — cert collection, AI extraction, the tax-exempt flip, and renewal tracking. We'll cover the native Shopify path in detail first, then how Certly fits in. The native path works without us; the rest of the post will tell you when it's enough and when it isn't.)

What a resale certificate is (the 30-second version)

A US resale certificate is a document a buyer hands a seller to claim they're not the final consumer of the goods, so sales tax shouldn't apply. The buyer pays no tax now; they'll either resell the goods (collecting tax themselves) or use them in a way the state has explicitly exempted.

Two important nuances:

  • Certificates are state-specific. A California resale cert exempts orders shipping into California. It does not exempt orders shipping to Texas. Most merchants miss this.
  • Certificates expire. Validity ranges from 1 to 5 years depending on the state. A cert that lapsed three months ago is the same as not having one at all — and every tax-exempt order after the lapse date is, technically, uncollected sales tax you owe.

The Shopify-native levers

Shopify gives you exactly two switches for tax exemption — which one you use depends on whether you're on Plus or not.

Non-Plus stores: the global customer flag

Every customer has a boolean field on their profile called taxExempt. Set it to true (Admin → Customers → [name] → Manage tax settings) and Shopify stops charging tax on every future order for that customer, anywhere.

The catch: it's global. There's no way to say "exempt only when shipping to California." If your customer is single-state, this works fine. If they ship multi-state, you're either exposed in an audit or you have to reject blanket exemption and do something manual.

Plus / B2B stores: per-state company-location exemption

If you're on Shopify Plus with B2B enabled, you get a much better lever: company-location-level reseller exemption.

In the Companies object, each company can have multiple locations. Each location has a Tax tab where you can tick "Tax exempt" and select a specific reseller exemption type per state. Shopify then applies the exemption only when the ship-to address matches one of the states you've configured.

This is the right answer for any merchant who sells multi-state B2B. It's what survives an audit because it ties the exemption to the ship-to state, exactly the way the IRS and state revenue departments expect.

The DIY workflow most merchants end up with

Here's the pattern people land on if they don't use a third-party app:

  1. Collection. Customer signs up for an account. Shopify's native signup form doesn't take file uploads, so you either (a) ask them to email you the cert, (b) build a Customer Account UI extension with a file upload block, or (c) use a generic form app like Customer Fields.
  2. Validation. Someone on your team — usually you — opens the PDF, checks the cert number, the state, the expiry date, and whether it covers the right entity type. Maybe you cross-reference against the state's online verification tool if there is one.
  3. Tax exemption flip. You navigate to the customer (or company location, on Plus) and flip the flag. Tag the customer something like tax-exempt so it's filterable later.
  4. Storage. The PDF goes somewhere — Google Drive, an S3 bucket, a shared folder, a customer_files table you maintain by hand. State retention requirements vary from 3 to 7 years.
  5. Renewal tracking. You add a row to a spreadsheet with the cert's expiry date and a reminder. You will lose track of this within six months. Everyone does.

This works at five customers. It breaks at fifty. The most common failure mode isn't tax collection — it's the renewal step. Certificates lapse silently, and merchants discover the gap during their next audit.

Step 2 (validation) is the other place where everything bogs down. Reading state, entity name, certificate number, and expiry off an arbitrary PDF — across all 50 states' form variants — is the kind of work a human is mediocre at and gets bored of. This is the specific problem Certly solves: Gemini reads every uploaded cert and pre-fills the fields for you, you only review and approve.

Compliance traps to know about

The blanket-exemption trap. Setting taxExempt = true on a non-Plus store exempts every order globally. If you're collecting tax in multiple states and your customer ships multi-state, you're applying their California cert to a Texas order. Don't do this. Either upgrade to Plus B2B or handle exempt orders via draft orders with per-order tax overrides.

The expiry trap. The state doesn't care that you "had a cert on file" — they care whether you had a valid, unexpired cert on the date of each order. If a customer's cert expires on 2027-12-31 and you don't renew it, every exempt order on 2028-01-01 forward is uncollected tax. A 4-year-old gap can be six figures by the time you catch it. (Certly emails customers automatically at 60, 30, and 7 days before expiry and auto-expires lapsed certs — this is the specific failure mode the renewal cadence is built for.)

The retention trap. When a state auditor asks for proof, you have to produce the actual cert PDFs, not a record that they existed. Storage rules range from 3 years (most states) to 7 years (some). Losing PDFs in a folder reorg counts the same as never having had them.

The B2B company-vs-customer trap. On Plus, the taxExempt flag still exists on the customer object — but it does not drive the B2B exemption at checkout. B2B checkout reads the company-location's reseller exemption. Setting the customer flag without the company-location flag results in checkout still charging tax. Set both, or set only the company-location.

When to use which approach

Approach Good for Falls apart at
Manual collection + native Shopify First 5–10 B2B customers Multi-state, renewals, audits
Customer Account UI extension + Flow Tech-comfortable merchants, ~30 customers Validation and renewal still manual
Avalara / EXEMPTAX (enterprise) Existing Avalara users, $1k+/mo budget Cost, integration complexity, overkill for SMB
Certly Shopify B2B/retail merchants wanting it handled (Disclosure: I built it)

The right answer depends entirely on volume. If you have three resale customers, native Shopify + a Google Drive folder is genuinely the right answer. Once you cross ~10–15 active certs, the renewal step alone justifies a tool — that's the threshold where spreadsheets fail merchants in audits.

What to do this week

If you're getting started, the practical sequence:

  1. Decide your tax-exempt customer threshold. Below it, manual. Above it, productize.
  2. Set up the Shopify-native flag (customer taxExempt or company-location B2B exemption) for any current exempt customers.
  3. Audit your current cert storage. Find every cert PDF. Note its expiry. Calendar the renewal.
  4. Decide on a collection path. If you're sub-threshold, email is fine. If you're over, build the Customer Account UI extension or pick a tool.

The boring administrative work in step 3 catches more compliance gaps than any technical setup. That's where every merchant I've talked to has lost something.

How Certly does each step

If you've read this far and "build the Customer Account UI extension + write the validator + maintain a renewal spreadsheet" doesn't sound like the best use of your week, that's exactly the problem Certly is built for.

  • Collection — a Customer Account UI extension block ships with the app. Customer logs into their Shopify account, sees an "Upload resale certificate" block, drops the PDF in. No code, no form-app duct tape.
  • Validation — Gemini reads the PDF, pre-fills entity name, state, cert number, expiry. You review and click approve.
  • Tax flip — one click flips both the customer taxExempt flag and the B2B company-location reseller exemption per state. Only Certly handles both — competitors only touch the customer object.
  • Storage — the PDF lives in object storage, signed-URL-accessed, kept for the state's retention period.
  • Renewal — automatic emails at 60, 30, and 7 days before expiry. Lapsed certs auto-expire so you can't accidentally exempt someone with stale paperwork.
  • Audit trail — every action recorded (upload, edit, approve, reject) with timestamp and actor.

14-day free trial, billed through Shopify, $29–$199/month depending on cert volume. If you want to try it: apps.shopify.com/certly.

If you're sub-threshold (under ~10 active certs) the native Shopify path above is genuinely fine — don't pay for a tool you don't need. We'll be here when you cross the threshold.