📝 Topics Covered
- 1. Accessing Shopify Backend Data via API
- 1.1 Admin API
- 1.2 Storefront API (GraphQL only)
- 2. REST vs. GraphQL in Shopify
- 2.1 REST Admin API (Legacy)
- 2.2 GraphQL Admin API (Recommended)
- 2.3 API Rate Limits & Cost Systems
- 3. General Steps to Access Shopify Store Data
- 3.1 App Distribution: Custom vs. Public Apps
- 3.2 Working with Custom Apps (Single-Store Access)
- 4. Step-by-Step: Creating a Custom App & Getting API Credentials
- 5. Testing Your API Connection (GraphQL Example)
1. Accessing Shopify Backend Data via API
Accessing Shopify store data using its API is a fundamental skill for anyone building apps, integrations, or custom tools for Shopify merchants. For more details, see the official Shopify API Documentation.
Shopify provides two primary APIs to retrieve and manage store data:
1.1 Admin API
Used for managing a Shopify store’s backend data (such as products, orders, customers, inventory, and fulfillment). This is the API most custom and public apps interact with.
It is available in two protocols:
- GraphQL Admin API (Recommended)
- REST Admin API (Legacy)
💡 Developer Prerequisites:
- A Shopify Partner account or store administrator access
- A custom or public app registered in your Shopify workspace
- API Credentials (API Key + Access Token)
1.2 Storefront API (GraphQL only)
Designed for building custom storefronts or headless commerce experiences (e.g., mobile commerce apps, headless web stores) where you need to display product information, manage customer carts, and handle checkouts directly.
- Public Access: It does not require buyer authentication.
- Scope: Limited to public-facing data (e.g., product details, collections, and storefront checkout). It cannot access secure backend data like fulfillment or payment details.
2. REST vs. GraphQL in Shopify
2.1 REST Admin API (Legacy)
A traditional RESTful API with distinct, resource-specific endpoints.
⚠️ Important Deprecation Warning: The REST Admin API is officially a legacy API as of October 1, 2024. Starting April 1, 2025, all new public apps must be built exclusively with the GraphQL Admin API. If you have legacy apps, follow the GraphQL Migration Guide.
2.2 GraphQL Admin API (Recommended)
A modern, flexible API that allows you to request exactly the data you need in a single query. Shopify is actively prioritizing GraphQL for all new feature development.
👍 Why Shopify Prefers GraphQL:
- Efficiency: Fetch multiple resources (e.g., products, orders, and shop details) in a single request.
- No Under/Over-fetching: You define the exact fields you want returned.
- Learn more in the Benefits of GraphQL over REST guide.
- Use the web-based GraphiQL Explorer to test queries.
2.3 API Rate Limits & Cost Systems
Shopify enforces strict limits to protect store performance and server infrastructure:
- REST API: Uses a Leaky Bucket algorithm (typically 40 requests per app, per store, per second).
- GraphQL API: Uses a Cost-Based system (1,000 cost points per minute, where each query has a calculated complexity cost).
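A client can read the cost data returned with each GraphQL response and wait before sending a query that would not fit the remaining budget. The sketch below is an added example, not code from the original page or from Shopify; it uses the `extensions.cost` and `THROTTLED` fields of the GraphQL Admin API response, the sample bodies and their numbers are constructed, and the function names are hypothetical.

```python
import json
import math

# Constructed sample bodies. Field names follow the "extensions.cost" object
# returned by the GraphQL Admin API; the numbers are made up for illustration.
SAMPLE_OK = json.loads("""
{"data": {"products": {"edges": []}},
 "extensions": {"cost": {
   "requestedQueryCost": 152, "actualQueryCost": 52,
   "throttleStatus": {"maximumAvailable": 1000.0,
                      "currentlyAvailable": 48.0, "restoreRate": 50.0}}}}
""")
SAMPLE_THROTTLED = json.loads("""
{"errors": [{"message": "Throttled", "extensions": {"code": "THROTTLED"}}],
 "extensions": {"cost": {
   "requestedQueryCost": 152, "actualQueryCost": null,
   "throttleStatus": {"maximumAvailable": 1000.0,
                      "currentlyAvailable": 12.0, "restoreRate": 50.0}}}}
""")


def is_throttled(body):
    """True when the server rejected the query for exceeding the cost budget."""
    return any(err.get("extensions", {}).get("code") == "THROTTLED"
               for err in body.get("errors", []))


def seconds_until_affordable(body, next_query_cost=None):
    """Whole seconds to wait until a query of the given cost fits the budget.

    Defaults to the requested cost of the query that produced `body`, which is
    the retry case after a THROTTLED error.
    """
    cost = body["extensions"]["cost"]
    status = cost["throttleStatus"]
    needed = cost["requestedQueryCost"] if next_query_cost is None else next_query_cost
    if needed > status["maximumAvailable"]:
        # No amount of waiting helps: request fewer fields or smaller pages.
        raise ValueError("query cost exceeds the maximum available budget")
    deficit = needed - status["currentlyAvailable"]
    return max(0, math.ceil(deficit / status["restoreRate"]))


if __name__ == "__main__":
    for name, body in (("ok", SAMPLE_OK), ("throttled", SAMPLE_THROTTLED)):
        print(name, is_throttled(body), seconds_until_affordable(body))
```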
3. General Steps to Access Shopify Store Data
All API access is managed through Shopify applications, which are divided into two main types:
3.1 App Distribution: Custom vs. Public Apps
- Custom Apps (formerly Private Apps)
- Built for a single store, custom apps are created and installed directly from the Shopify Admin panel.
- Creating a Custom App Tutorial
- Public Apps
- Built by Shopify Partners to be distributed and installed across multiple merchant stores via the Shopify App Store.
- Shopify Partner Dashboard
3.2 Working with Custom Apps (Single-Store Access)
Custom apps are perfect for single-merchant integrations, backend sync scripts, or local developer testing. They are created directly within the merchant’s Shopify admin console.
🔒 Access Limitations & PII Control:
- Basic Plans: Basic store plans cannot access Protected Customer Data (PII fields).
- PII Level 2 Access: To request customer personal information or advanced scopes, your store must be on the Shopify Grow plan or higher.
- For full details, see the Shopify Custom Apps Manual.
4. Step-by-Step: Creating a Custom App & Getting API Credentials
Follow these steps to configure your app and obtain your secure access token:
- Navigate to Apps Settings: Log into your Shopify Store Admin. Go to Settings > Apps and sales channels > Develop apps.
- Create the App: Click Create an app. Enter a name (e.g., "My API Test App") and select your developer account.
- Configure API Scopes:
- Go to the Configuration tab.
- Under Admin API integration, click Configure.
- Select the exact permissions (scopes) your app needs. For example, check read_products to view products, or read_orders to view orders. Always follow the principle of least privilege.
- Click Save.
- Install the App:
- Go to the API credentials tab.
- Click Install app and confirm the installation.
- Secure Your Access Token:
- Under Admin API access token, click Reveal token once.
- ⚠️ Crucial: Copy this token immediately and store it securely. Shopify will only show it to you once.
- This token acts as your bearer password (X-Shopify-Access-Token) in HTTP headers. You will also see your standard API Key and API Secret Key for verifying webhooks.
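The last step notes that the API Secret Key is used for verifying webhooks. The check below is an added example, not code from the original page or from Shopify: it recomputes the base64 HMAC-SHA256 that Shopify sends in the `X-Shopify-Hmac-Sha256` header and compares it in constant time. The secret, body, and helper names are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json


def verify_webhook(raw_body: bytes, hmac_header: str, api_secret_key: str) -> bool:
    """Return True only if hmac_header is the base64 HMAC-SHA256 of raw_body.

    hmac_header is the value of the X-Shopify-Hmac-Sha256 request header.
    """
    if not hmac_header:
        return False
    try:
        received = base64.b64decode(hmac_header, validate=True)
    except ValueError:  # covers binascii.Error for malformed base64
        return False
    expected = hmac.new(api_secret_key.encode(), raw_body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, received)


def sign_for_demo(raw_body: bytes, api_secret_key: str) -> str:
    """Stand-in for the sender: builds the header value for the sample below."""
    digest = hmac.new(api_secret_key.encode(), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


# Constructed sample data: placeholder secret and a made-up webhook body.
DEMO_SECRET = "example-api-secret-key"
DEMO_BODY = b'{"id":1001,"title":"Sample product"}'
DEMO_HEADER = sign_for_demo(DEMO_BODY, DEMO_SECRET)

# Parsing and re-serializing changes the bytes (spacing), so the HMAC no
# longer matches: always verify the body exactly as it arrived on the wire.
REENCODED_BODY = json.dumps(json.loads(DEMO_BODY)).encode()

if __name__ == "__main__":
    print(verify_webhook(DEMO_BODY, DEMO_HEADER, DEMO_SECRET))
    print(verify_webhook(REENCODED_BODY, DEMO_HEADER, DEMO_SECRET))
    print(verify_webhook(DEMO_BODY, "not-base64!", DEMO_SECRET))
```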
5. Testing Your API Connection (GraphQL Example)
Now that you have your Admin API Access Token and Store Name, you can test the connection by querying your store’s database.
Here is a sample curl request to fetch the ID and Title of the three most recently added products using the GraphQL Admin API:
curl -X POST https://{store_name}.myshopify.com/admin/api/2025-04/graphql.json \
  -H 'Content-Type: application/json' \
  -H 'X-Shopify-Access-Token: {access_token}' \
  -d '{
    "query": "{ products(first: 3, sortKey: CREATED_AT, reverse: true) { edges { node { id title } } } }"
  }'
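Once the connection works, the same endpoint can confirm that the token holds only the scopes selected in step 4. The audit below is an added example, not code from the original page or from Shopify; it parses a constructed response to the `currentAppInstallation { accessScopes { handle } }` query, the function names are hypothetical, and it assumes a write_ scope also grants the matching read access.

```python
import json

# Query to send with the same curl command in place of the products query.
SCOPES_QUERY = "{ currentAppInstallation { accessScopes { handle } } }"

# Constructed sample response; a real one comes from your own store.
SAMPLE_RESPONSE = json.loads("""
{"data": {"currentAppInstallation": {"accessScopes": [
  {"handle": "read_products"},
  {"handle": "write_orders"},
  {"handle": "read_customers"}
]}}}
""")


def granted_scopes(body):
    """Extract the set of scope handles from the query response."""
    scopes = body["data"]["currentAppInstallation"]["accessScopes"]
    return {scope["handle"] for scope in scopes}


def audit_scopes(granted, required):
    """Compare the token's scopes with what the integration actually needs."""
    granted, required = set(granted), set(required)

    def covered(need):
        # Assumption: a write_x scope also grants read access to x.
        implied_by = "write_" + need[len("read_"):]
        return need in granted or (need.startswith("read_") and implied_by in granted)

    # Write access held where only the matching read scope is needed.
    overprivileged = {g for g in granted - required
                      if g.startswith("write_")
                      and "read_" + g[len("write_"):] in required}
    return {
        "missing": sorted(r for r in required if not covered(r)),
        "overprivileged": sorted(overprivileged),
        "unused": sorted(granted - required - overprivileged),
    }


if __name__ == "__main__":
    report = audit_scopes(granted_scopes(SAMPLE_RESPONSE),
                          {"read_products", "read_orders"})
    print(report)
```

Any entry under "overprivileged" or "unused" is a scope to remove on the app's Configuration tab.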