Shopify Integration

Home Integrations Shopify Integration

Overview

Shopify is the world's most widely used e-commerce platform, powering millions of online stores from direct-to-consumer brands to high-volume merchants. For businesses operating on Shopify, connecting the platform to the surrounding operational infrastructure — ERP systems, inventory management, fulfilment providers, marketplaces, CRM systems, accounting software, and custom operational tools — is a routine and often critical requirement. Shopify's mature REST and GraphQL APIs, its webhook infrastructure, and its app development model make it one of the most integration-friendly e-commerce platforms available.

Shopify integration spans several distinct use cases. Reading order data from Shopify into operational systems — the ERP that needs orders for fulfilment, the accounting system that needs orders for invoicing, the CRM that needs orders for customer data. Writing data to Shopify — inventory level synchronisation, product catalogue updates from a central PIM or ERP, tracking number updates for shipped orders, metafield updates for custom data. Real-time event processing through webhooks — the fulfilment system that receives orders the moment they are placed, the inventory system that updates stock levels when a sale occurs. And custom Shopify app development for functionality that extends Shopify's native capabilities.

Shopify's API ecosystem has evolved significantly with the introduction of the GraphQL Admin API alongside the REST Admin API. Shopify's long-term direction is GraphQL-first — the GraphQL API has broader functionality coverage, better performance characteristics for complex queries, and receives new features before the REST API. New Shopify integrations that involve complex data access or mutation benefit from GraphQL. Simpler integrations and those requiring webhook processing continue to use REST comfortably.

We build Shopify integrations for e-commerce businesses, Shopify app developers, and technology companies that need to connect their custom systems, operational infrastructure, and data pipelines to Shopify's e-commerce platform.

What Shopify Integration Covers

Shopify API authentication. Shopify's API supports several authentication mechanisms appropriate for different integration types.

Private apps and custom apps: the Shopify custom app installed on a specific store — created in the Shopify admin under Apps and sales channels, generating an Admin API access token with configurable API permission scopes. The X-Shopify-Access-Token header included in every API request. The custom app approach for integrations built specifically for a single Shopify store, where the access token is permanent and does not require OAuth.

OAuth for public apps: the OAuth 2.0 flow for Shopify apps that install across multiple merchant stores. The authorisation URL with the app's client ID, the requested scopes, and the redirect URL. The merchant's consent through Shopify's OAuth screen, the authorisation code exchange for a permanent access token specific to that merchant's store. The access token storage mapped to the shop domain for multi-merchant app access. HMAC validation of the OAuth callback parameters to verify the request originated from Shopify.

Shopify Partner apps: the Shopify Partner account that manages app development — the development store for testing, the app configuration with client ID and client secret, and the OAuth flow for installing on merchant stores.

API scopes: the Shopify API access scopes that control which resources the integration can access — read_orders and write_orders for order access, read_products and write_products for product catalogue, read_inventory and write_inventory for inventory levels, read_fulfillments and write_fulfillments for fulfilment management, read_customers and write_customers for customer data. The minimum necessary scopes for each integration.

REST Admin API — orders. Reading and managing Shopify orders.

Order retrieval: the GET /admin/api/{version}/orders.json endpoint for listing orders with query parameters. The status parameter — open for unfulfilled orders, closed for fulfilled orders, any for all orders. The created_at_min and created_at_max parameters for date range filtering. The updated_at_min parameter for incremental synchronisation — retrieving only orders updated since the last sync. The fulfillment_status parameter — unfulfilled, partial, fulfilled, unshipped. Pagination with the limit parameter and the page_info cursor from the Link response header.

Order detail: the GET /admin/api/{version}/orders/{orderId}.json endpoint for a specific order — the full order object with line items, shipping address, billing address, customer, payment gateway, financial status, fulfilment status, shipping lines, discount codes, note attributes, and the other order-level data.

Order update: the PUT /admin/api/{version}/orders/{orderId}.json endpoint for updating order-level fields — adding tags, updating note attributes, adding metafields. The limited set of order fields that can be updated through the API after order creation.

Order cancellation: the POST /admin/api/{version}/orders/{orderId}/cancel.json endpoint for cancelling an order — with the reason, the email flag for sending cancellation notification, and the restock flag for restoring inventory.

Transaction data: the GET /admin/api/{version}/orders/{orderId}/transactions.json endpoint for payment transaction records — the payment gateway responses, refund transactions, and the financial audit trail.

REST Admin API — fulfilment. Managing order fulfilment and tracking.

Fulfilment location: the GET /admin/api/{version}/locations.json endpoint for retrieving the configured fulfilment locations — the location ID required for fulfilment creation.

Fulfilment creation: the POST /admin/api/{version}/orders/{orderId}/fulfillments.json endpoint for creating a fulfilment record on an order. The fulfilment with the location_id, the tracking_number, the tracking_company (the carrier name), the tracking_url, the line_items array specifying which items are being fulfilled and their quantities, and the notify_customer flag for sending shipment notification.

Fulfilment update: the POST /admin/api/{version}/fulfillments/{fulfillmentId}/update_tracking.json endpoint for adding or updating tracking information on an existing fulfilment — the tracking number update for orders where tracking becomes available after fulfilment creation.

GraphQL Admin API. The GraphQL interface for more complex Shopify data access and mutations.

GraphQL endpoint: the POST /admin/api/{version}/graphql.json endpoint for all GraphQL operations. The JSON body with the query string and optional variables object. The X-Shopify-Access-Token authentication header identical to REST.

Order queries: the GraphQL orders query for retrieving orders with flexible field selection and filtering. The connection pattern — edges containing node objects, with pageInfo including hasNextPage and endCursor for pagination. The GraphQL query that requests exactly the fields needed — reducing response payload compared to the REST API that returns all fields by default.

Bulk operations: the Shopify GraphQL Bulk Operations API for high-volume data export. The bulkOperationRunQuery mutation that initiates a bulk data export running asynchronously. The currentBulkOperation query for polling the operation status. The JSONL file download URL returned when the operation completes — the file containing all matching records in JSON Lines format, one record per line. The bulk operation that retrieves hundreds of thousands of orders or products efficiently without pagination overhead.

Metafields: the GraphQL metafields connection for reading and writing custom data attached to Shopify objects — the custom fields on products, variants, orders, customers, and collections that extend Shopify's standard data model. The metafieldsSet mutation for bulk metafield updates.

Product variants: the GraphQL productVariants query for efficient access to product variant data including inventory quantities across locations — the query that retrieves variant IDs, SKUs, prices, and inventory levels in a single request.

Inventory management. Synchronising inventory levels between Shopify and external systems.

Inventory levels: the GET /admin/api/{version}/inventory_levels.json endpoint for retrieving current inventory quantities. The inventory_item_ids and location_ids query parameters for filtering. The available quantity that customers see and can purchase.

Inventory adjustment: the POST /admin/api/{version}/inventory_levels/adjust.json endpoint for adjusting inventory quantity by a delta — adding or subtracting from the current quantity. The available_adjustment parameter with a positive or negative integer.

Inventory set: the POST /admin/api/{version}/inventory_levels/set.json endpoint for setting inventory to an absolute quantity — overriding the current value rather than adjusting it. The available parameter with the target quantity.

Multi-location inventory: the location_id parameter in inventory operations for managing stock across multiple Shopify locations — the inventory levels per location that reflect where the physical stock is held.

Product catalogue management. Reading and updating Shopify's product catalogue.

Product retrieval: the GET /admin/api/{version}/products.json endpoint for listing products with filtering by status, vendor, product type, and created/updated date. The GET /admin/api/{version}/products/{productId}.json endpoint for a specific product with its variants, images, and metafields.

Product creation and update: the POST /admin/api/{version}/products.json endpoint for creating products. The PUT /admin/api/{version}/products/{productId}.json endpoint for updating product-level fields — title, description, tags, status, vendor, product type. The PUT /admin/api/{version}/variants/{variantId}.json endpoint for updating variant-level fields — price, SKU, barcode, weight, inventory policy.

Product images: the POST /admin/api/{version}/products/{productId}/images.json endpoint for adding images to products. The image object with the src URL or attachment base64-encoded image data.

Collections: the GET /admin/api/{version}/custom_collections.json and GET /admin/api/{version}/smart_collections.json endpoints for reading collection data. The POST /admin/api/{version}/collects.json endpoint for adding a product to a custom collection.

Customer management. Reading and managing Shopify customer records.

Customer retrieval: the GET /admin/api/{version}/customers.json endpoint with email, phone, or name search. The customer object with order history, address book, tags, and metafields.

Customer creation and update: the POST /admin/api/{version}/customers.json and PUT /admin/api/{version}/customers/{customerId}.json endpoints for creating and updating customer records.

Webhooks — real-time event delivery. Shopify webhooks for receiving store events in real time.

Webhook registration: the POST /admin/api/{version}/webhooks.json endpoint for registering webhook subscriptions programmatically. The webhook with the topic (the event type) and the address (the endpoint URL). Shopify webhook topics — orders/create, orders/updated, orders/paid, orders/fulfilled, orders/cancelled, products/create, products/update, inventory_levels/update, customers/create, customers/update, app/uninstalled, shop/update.

Webhook payload: the JSON payload sent to the registered URL when the event occurs. The X-Shopify-Topic header identifying the event type. The X-Shopify-Shop-Domain header identifying which shop the event originated from — critical for multi-merchant apps.

HMAC validation: the X-Shopify-Hmac-Sha256 header containing the HMAC-SHA256 of the webhook payload computed with the app's client secret. The mandatory validation that the webhook handler must perform before processing any webhook — rejecting requests that fail HMAC validation.

Webhook reliability: Shopify retries failed webhook deliveries (non-2xx responses) up to 19 times over 48 hours. The idempotent webhook handler that uses the X-Shopify-Webhook-Id header as the idempotency key — processing each webhook exactly once even when delivered multiple times.

Shopify Flow and automation. Event-driven automation within Shopify.

Shopify Flow triggers: custom Shopify Flow triggers from custom apps that fire when external events occur — the external system that signals Shopify Flow to run an automation. The POST /admin/api/{version}/events/trigger.json endpoint for triggering custom Flow events.

API rate limits. Shopify enforces rate limits that production integrations must manage.

REST API rate limits: the leaky bucket model — a bucket that fills with each API call and drains over time. The X-Shopify-Shop-Api-Call-Limit response header showing current bucket usage (used/total, e.g., 40/80). The bucket that refills at 2 calls per second (standard) — making the sustained rate limit 2 requests/second with burst capacity. The 429 response when the bucket overflows.

GraphQL cost limit: the GraphQL API uses a cost-based rate limit — each query has a cost based on the complexity of the requested fields. The extensions.cost object in GraphQL responses showing the query cost and the remaining budget. The throttleStatus that indicates current rate limit position.

Retry-After: the Retry-After header in 429 responses indicating the seconds to wait before retrying. The exponential backoff implementation that respects the Retry-After value.

Integration Patterns

Order processing pipeline. The integration that captures orders from Shopify and routes them to fulfilment — the webhook subscription to orders/create and orders/paid that delivers new orders to the fulfilment system in real time, the fulfilment confirmation that posts tracking numbers back to Shopify.

Inventory synchronisation. The bidirectional inventory sync that keeps Shopify's available quantities aligned with warehouse stock — the sales in Shopify that deplete inventory, the goods receipts in the warehouse that increase available quantity, the synchronisation that prevents overselling.

Product catalogue synchronisation. The PIM or ERP as the product master — product data created or updated in the central system synchronised to Shopify's product catalogue with correct field mapping and image management.

Multi-store management. The Shopify Partner app or private tooling that manages data across multiple Shopify stores — the product template that deploys to all stores, the pricing update that propagates to specific regional stores, the performance reporting that aggregates across all stores.

Technologies Used

  • C# / ASP.NET Core — Shopify integration for .NET applications using ShopifySharp library or direct HTTP
  • TypeScript / Node.js — Shopify integration using the @shopify/shopify-api Node.js library for both app development and custom integrations
  • Python — Shopify integration using the ShopifyAPI Python library for data pipelines and operational scripts
  • PHP / Laravel — Shopify integration for PHP-based systems using the osiset/laravel-shopify package
  • Rust / Axum — high-performance Shopify webhook processing and data pipeline for high-volume merchants
  • REST / HTTP — Shopify REST Admin API communication
  • GraphQL — Shopify GraphQL Admin API for complex queries and bulk operations
  • OAuth 2.0 — Shopify app authentication for multi-merchant installations
  • HMAC-SHA256 — Shopify webhook signature validation
  • SQL (PostgreSQL / MySQL) — order data, product mapping, inventory tracking, synchronisation state
  • Redis — rate limit management, webhook deduplication, access token storage
  • Hangfire / scheduled jobs — inventory sync scheduling, product catalogue synchronisation, reporting
  • Docker — containerised integration service deployment
  • GitHub Actions — CI/CD pipeline for integration service deployment

Shopify in the E-commerce Technology Stack

Shopify's position as the most widely deployed e-commerce platform means that Shopify integration is a common requirement for a wide range of business systems — the ERP that needs to receive Shopify orders, the 3PL that needs to fulfil them, the accounting system that needs the financial data, the CRM that needs the customer data, the marketplace that needs the product catalogue, and the analytics platform that needs the sales data.

The Shopify API's maturity — its comprehensive coverage of Shopify's data model, its webhook infrastructure, its GraphQL capabilities — makes it a reliable integration foundation. The rate limit discipline, the HMAC webhook validation, and the pagination handling are the implementation details that separate production-quality Shopify integrations from integrations that work under low load but fail under production conditions.

Shopify Connected to Your Business Operations

Shopify integrations built to production standards — correct OAuth authentication for multi-merchant apps, HMAC-validated webhook processing with idempotency, rate-limit-respecting API clients with leaky bucket tracking, GraphQL bulk operations for high-volume data access, inventory synchronisation that prevents overselling, and the operational monitoring that surfaces integration failures before they affect fulfilment or customer experience.