Building apps and integrations for Shopify opens up a massive opportunity. With over 2 million merchants on the platform and a thriving app ecosystem, developers who master the Shopify API can create valuable tools that serve businesses worldwide.
Whether you're building a custom integration for a single store or planning to launch a public app on the Shopify App Store, understanding the API landscape is essential. This guide covers everything you need to get started with Shopify API development, from authentication basics to advanced app architecture.
Understanding Shopify's API Ecosystem
Shopify provides multiple APIs, each designed for specific use cases. Choosing the right API for your project is the first critical decision you'll make as a developer.
Admin API: The Core of Store Management
The Admin API is what most developers work with. It provides access to store data and management functions, available in both REST and GraphQL versions.
REST Admin API
- Traditional endpoint-based architecture
- Straightforward for simple CRUD operations
- Rate limited to 40 requests per second (leaky bucket)
- Well-documented with extensive examples
GraphQL Admin API
- Shopify's recommended approach for new development
- Query exactly the data you need in a single request
- Cost-based rate limiting (more efficient)
- Access to newer features first
Here's a comparison of fetching a product with both approaches:
// REST API - Multiple calls may be needed
const response = await fetch(
`https://${shop}/admin/api/2024-01/products/${productId}.json`,
{
headers: {
'X-Shopify-Access-Token': accessToken,
'Content-Type': 'application/json'
}
}
);
// GraphQL API - Get exactly what you need
const query = `
query getProduct($id: ID!) {
product(id: $id) {
title
description
variants(first: 10) {
edges {
node {
price
inventoryQuantity
}
}
}
}
}
`;
Storefront API: Customer-Facing Experiences
The Storefront API is designed for building custom storefronts, mobile apps, and headless commerce experiences. Unlike the Admin API, it's meant for public-facing applications.
Key capabilities include:
- Product browsing and search
- Cart management
- Customer authentication
- Checkout creation
- Collection queries
# Storefront API query example
query getProducts {
products(first: 10) {
edges {
node {
id
title
priceRange {
minVariantPrice {
amount
currencyCode
}
}
images(first: 1) {
edges {
node {
url
}
}
}
}
}
}
}
Partner API
The Partner API gives access to your Partner Dashboard data programmatically. Use it to:
- Manage app installations
- Track recurring revenue
- Access development stores
- Monitor app performance metrics
Payments Apps API
For developers building payment gateways or alternative payment methods, the Payments Apps API provides the framework for processing transactions securely within Shopify's checkout flow.
Other Specialized APIs
- Checkout API: Customize the checkout experience
- Ajax API: Client-side cart and product operations
- Multipass API: Single sign-on for Plus merchants
- Marketing Events API: Track marketing campaign performance
Authentication and Authorization
Understanding Shopify's authentication system is crucial for building secure apps. Shopify uses OAuth 2.0, the industry standard for API authorization.
OAuth 2.0 Flow for Public Apps
The OAuth flow for Shopify apps follows these steps:
- Merchant initiates installation from your app listing or install link
- Your app redirects to Shopify's authorization URL
- Merchant approves requested permissions (scopes)
- Shopify redirects back with a temporary authorization code
- Your app exchanges the code for an access token
- Store the token securely for future API calls
// Step 1: Generate the authorization URL
const authUrl = `https://${shop}/admin/oauth/authorize?` +
`client_id=${API_KEY}&` +
`scope=${SCOPES}&` +
`redirect_uri=${REDIRECT_URI}&` +
`state=${nonce}`;
// Step 5: Exchange code for access token
const tokenResponse = await fetch(
`https://${shop}/admin/oauth/access_token`,
{
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
client_id: API_KEY,
client_secret: API_SECRET,
code: authCode
})
}
);
const { access_token } = await tokenResponse.json();
Access Token Types
Offline Access Tokens
- Long-lived tokens for background operations
- Persist until the app is uninstalled
- Used for webhooks, scheduled jobs, background sync
- Request with
access_mode=offline(default)
Online Access Tokens
- Short-lived, user-specific tokens
- Expire when the user's session ends
- Appropriate for user-initiated actions
- Request with
access_mode=online
API Scopes
Scopes define what your app can access. Request only what you need—excessive scopes reduce merchant trust and app approval likelihood.
Common scopes include:
read_products,write_productsread_orders,write_ordersread_customers,write_customersread_inventory,write_inventoryread_fulfillments,write_fulfillments
const SCOPES = [
'read_products',
'write_products',
'read_orders',
'read_customers'
].join(',');
Securing Your App
Security best practices for Shopify apps:
- Verify webhook signatures using HMAC
- Validate OAuth callbacks with state parameters
- Verify request authenticity for embedded apps
- Never expose your API secret
- Use HTTPS everywhere
- Store tokens encrypted
// Verify webhook HMAC
const crypto = require('crypto');
function verifyWebhook(body, hmacHeader) {
const hash = crypto
.createHmac('sha256', API_SECRET)
.update(body, 'utf8')
.digest('base64');
return crypto.timingSafeEqual(
Buffer.from(hash),
Buffer.from(hmacHeader)
);
}
Common API Endpoints and Operations
Let's explore the most frequently used API operations you'll encounter in Shopify development.
Products API
Products are central to any e-commerce operation. The Products API lets you manage the entire product catalog.
# Create a product with variants
mutation createProduct($input: ProductInput!) {
productCreate(input: $input) {
product {
id
title
variants(first: 5) {
edges {
node {
id
price
sku
}
}
}
}
userErrors {
field
message
}
}
}
Key product operations:
- Create, read, update, delete products
- Manage product variants (sizes, colors)
- Handle product images and media
- Update inventory levels
- Manage metafields for custom data
Orders API
Order management is critical for fulfillment apps, analytics tools, and ERP integrations.
// Fetch orders with REST API
const orders = await fetch(
`https://${shop}/admin/api/2024-01/orders.json?` +
`status=open&limit=50`,
{
headers: {
'X-Shopify-Access-Token': accessToken
}
}
);
// Common order operations
// - Retrieve order details
// - Create fulfillments
// - Process refunds
// - Add order notes
// - Update shipping information
Customers API
Customer data powers personalization, marketing automation, and loyalty programs.
query getCustomer($id: ID!) {
customer(id: $id) {
firstName
lastName
email
orders(first: 10) {
edges {
node {
totalPriceSet {
shopMoney {
amount
}
}
}
}
}
tags
metafields(first: 5) {
edges {
node {
key
value
}
}
}
}
}
Webhooks
Webhooks enable real-time event-driven architecture. Instead of polling for changes, your app receives notifications when events occur.
// Register a webhook
const webhookResponse = await fetch(
`https://${shop}/admin/api/2024-01/webhooks.json`,
{
method: 'POST',
headers: {
'X-Shopify-Access-Token': accessToken,
'Content-Type': 'application/json'
},
body: JSON.stringify({
webhook: {
topic: 'orders/create',
address: 'https://yourapp.com/webhooks/orders',
format: 'json'
}
})
}
);
Essential webhook topics:
orders/create,orders/updated,orders/paidproducts/create,products/update,products/deletecustomers/create,customers/updateapp/uninstalled(critical for cleanup)inventory_levels/update
Inventory Management
For apps dealing with stock levels and multi-location inventory:
mutation adjustInventory($input: InventoryAdjustQuantityInput!) {
inventoryAdjustQuantity(input: $input) {
inventoryLevel {
available
location {
name
}
}
}
}
Getting Started with the Shopify Partner Program
The Partner Program is your gateway to Shopify app development. It's free to join and provides essential resources for building and distributing apps.
Joining the Partner Program
- Visit partners.shopify.com
- Create an account with your business details
- Complete your partner profile
- Access your Partner Dashboard
Development Stores
Partners get unlimited development stores—full-featured Shopify stores for testing. These stores:
- Have all features of paid plans
- Never require payment
- Can install draft apps
- Support all API testing
- Can be transferred to clients
Partner Dashboard Features
Your Partner Dashboard provides:
- App management: Create and configure apps
- Store management: Development store creation
- Revenue tracking: Monitor earnings from apps and referrals
- Analytics: Installation and usage metrics
- Payouts: Monthly revenue disbursement
Revenue Opportunities
Partners earn through multiple channels:
App Revenue
- One-time app charges
- Recurring subscription fees
- Usage-based charges
- 80/20 revenue share with Shopify (developers keep 80%)
Theme Revenue
- Theme sales on the Theme Store
- Same 80/20 revenue share
Referrals
- Earn for merchants you refer to Shopify
- Ongoing commission for referred merchants
App Development Fundamentals
Building a Shopify app involves several architectural decisions and best practices.
App Types
Public Apps
- Listed on the Shopify App Store
- Available to all merchants
- Require Shopify review and approval
- Use OAuth for authentication
Custom Apps
- Built for a single store
- Direct API credentials (no OAuth)
- Not listed publicly
- Ideal for specific merchant needs
Private Apps (Legacy)
- Being deprecated in favor of custom apps
- Direct API access
- No App Bridge functionality
Embedded vs. Non-Embedded Apps
Embedded Apps
- Run inside Shopify Admin
- Use App Bridge for integration
- Seamless merchant experience
- Required for App Store listing
Non-Embedded Apps
- Open in separate browser tab
- Simpler to build
- Less integrated experience
- May be appropriate for specific use cases
Technology Stack
Shopify provides official libraries and frameworks:
Shopify CLI
# Install Shopify CLI
npm install -g @shopify/cli
# Create a new app
shopify app init
# Start development server
shopify app dev
App Bridge
import createApp from '@shopify/app-bridge';
import { Redirect } from '@shopify/app-bridge/actions';
const app = createApp({
apiKey: API_KEY,
host: window.__SHOPIFY_HOST__,
});
// Navigate within Shopify Admin
const redirect = Redirect.create(app);
redirect.dispatch(Redirect.Action.ADMIN_PATH, '/products');
Polaris Design System
import { Page, Card, Button } from '@shopify/polaris';
function ProductList() {
return (
<Page title="Products">
<Card sectioned>
<Button primary onClick={handleSync}>
Sync Products
</Button>
</Card>
</Page>
);
}
App Architecture Best Practices
-
Session Management
- Store session tokens securely
- Handle token refresh appropriately
- Clear data on uninstall webhook
-
Rate Limit Handling
- Implement exponential backoff
- Queue and batch requests
- Monitor rate limit headers
-
Data Storage
- Use metafields for shop-specific data
- Maintain your own database for complex data
- Consider GDPR compliance
-
Error Handling
- Handle API errors gracefully
- Provide meaningful error messages
- Log errors for debugging
// Rate limit handling example
async function shopifyRequest(url, options, retries = 3) {
try {
const response = await fetch(url, options);
if (response.status === 429) {
const retryAfter = response.headers.get('Retry-After') || 2;
await sleep(retryAfter * 1000);
return shopifyRequest(url, options, retries - 1);
}
return response;
} catch (error) {
if (retries > 0) {
await sleep(1000);
return shopifyRequest(url, options, retries - 1);
}
throw error;
}
}
Publishing Your App
Getting your app on the Shopify App Store involves meeting technical and business requirements.
App Store Requirements
Technical Requirements
- Embedded app experience using App Bridge
- OAuth authentication flow
- HTTPS for all endpoints
- Proper webhook handling
- GDPR webhooks implemented
- Responsive design with Polaris
Business Requirements
- Clear app description and screenshots
- Privacy policy
- Support documentation
- Pricing transparency
- Responsive merchant support
App Review Process
- Submit for review through Partner Dashboard
- Automated testing checks basic requirements
- Manual review by Shopify team
- Feedback and revisions if needed
- Approval and listing on App Store
Common rejection reasons:
- Poor user experience
- Missing required webhooks
- Security vulnerabilities
- Misleading descriptions
- Inadequate support documentation
Marketing Your App
Once listed, driving installations requires marketing effort:
- App Store optimization: Keywords, descriptions, screenshots
- Content marketing: Tutorials, case studies, blog posts
- Partner marketing: Co-marketing with complementary apps
- Merchant reviews: Encourage satisfied users to review
- Social proof: Showcase success stories
Advanced Topics
Bulk Operations
For large data processing, use bulk operations to avoid rate limits:
mutation bulkOperation {
bulkOperationRunQuery(
query: """
{
products {
edges {
node {
id
title
variants {
edges {
node {
id
price
}
}
}
}
}
}
}
"""
) {
bulkOperation {
id
status
}
userErrors {
field
message
}
}
}
Subscriptions and Billing
Implement app charges using the Billing API:
mutation createSubscription {
appSubscriptionCreate(
name: "Pro Plan"
returnUrl: "https://yourapp.com/billing/callback"
lineItems: [
{
plan: {
appRecurringPricingDetails: {
price: { amount: 9.99, currencyCode: USD }
interval: EVERY_30_DAYS
}
}
}
]
) {
appSubscription {
id
}
confirmationUrl
userErrors {
field
message
}
}
}
Flow and Automation
Shopify Flow integration allows merchants to use your app within automation workflows:
- Define triggers your app emits
- Accept actions merchants can configure
- Integrate with the broader Shopify ecosystem
Checkout Extensions
For Shopify Plus merchants, checkout extensions let you customize the checkout experience:
- Payment customizations
- Delivery customizations
- Order discounts
- Product offers
Resources for Continued Learning
Official Documentation
- Shopify Dev Documentation
- GraphQL Admin API Reference
- Polaris Design System
- App Bridge Documentation
Community Resources
- Shopify Partners Slack community
- Shopify Community forums
- Stack Overflow (shopify tag)
- GitHub sample apps and libraries
Development Tools
- Shopify CLI for app scaffolding
- GraphiQL for API exploration
- Postman collections for REST testing
- ngrok for local webhook testing
Conclusion
Shopify API and app development offers tremendous opportunity for developers who invest in understanding the platform. From simple integrations to complex public apps, the ecosystem supports a wide range of use cases.
Start with a development store from the Partner Program, experiment with the APIs, and gradually build more sophisticated applications. The combination of excellent documentation, modern tooling, and a massive merchant base makes Shopify one of the most developer-friendly e-commerce platforms available.
Whether you're building a custom integration for a client or planning the next big App Store success, mastering Shopify's APIs is the foundation. The merchants are waiting for solutions to their problems—now it's time to build them.
Ready to build your first Shopify app? Start by joining the Partner Program and creating a development store. For brands looking to optimize their Shopify store for AI-powered discovery, get a free AI visibility audit to understand how AI shopping assistants see your products.