If you run a Shopify store, you have almost certainly encountered the term “API” at some point. Perhaps your developer mentioned needing API access for an integration. Perhaps you have seen it in app documentation. Or perhaps you have been told that a particular feature “requires custom API work” and wondered what that actually means in practice.
This guide is not a coding tutorial. It is a practical explanation of Shopify’s APIs written for founders, operations managers, marketers, and anyone else who needs to make informed decisions about their store’s technical architecture without necessarily writing code themselves.
Understanding APIs at a conceptual level will help you evaluate apps, brief developers, plan integrations, and avoid expensive mistakes. It will also help you understand what is genuinely complex (and therefore expensive) versus what should be straightforward when you are working with a custom Shopify app developer.
What is an API and why should you care
API stands for Application Programming Interface. In plain English, it is a structured way for two software systems to talk to each other. When your accounting software automatically pulls order data from Shopify, it is using an API. When your email marketing platform syncs customer data from your store, it is using an API. When a customer adds a product to their cart on a headless storefront, that interaction happens through an API.
Think of an API as a waiter in a restaurant. You (the application) tell the waiter (the API) what you want. The waiter goes to the kitchen (Shopify’s database), retrieves your order, and brings it back to you. You never go into the kitchen yourself, and you do not need to understand how the food is prepared. You just need to know what is on the menu (the API documentation) and how to place your order (the request format).
Why should you, as a non-developer, care about this? Because APIs determine what is possible with your Shopify store. They define the boundaries of what apps can do, what integrations are feasible, and what custom functionality can be built. Understanding these boundaries helps you make better business decisions.
You do not need to understand how to write API code. You need to understand what APIs make possible and impossible. That knowledge is the difference between realistic project scoping and expensive surprises.
The Shopify API landscape
Shopify provides several different APIs, each designed for a specific purpose:
| API | Who uses it | What it does |
|---|---|---|
| Admin API | Apps, developers, integrations | Full read/write access to store data (products, orders, customers, etc.) |
| Storefront API | Custom storefronts, mobile apps | Read-only product data plus cart/checkout for customer-facing apps |
| Partner API | Agency partners | Manage partner-level resources (stores, apps, earnings) |
| Payments Apps API | Payment providers | Build custom payment gateways for Shopify checkout |
| Functions API | Developers | Custom backend logic for discounts, shipping, payments |
For most store owners, the Admin API and Storefront API are the ones that matter. The Partner API is relevant if you work with a Shopify agency (which, if you are reading this, you likely do or are considering). The Payments Apps API and Functions API are developer-facing and you are unlikely to interact with them directly.
The Admin API explained
The Admin API is the workhorse of the Shopify ecosystem. Every app you install from the Shopify App Store uses the Admin API. Every integration with your ERP, accounting software, or warehouse management system uses the Admin API. Any custom tool built to manage your store uses the Admin API.
The Admin API provides access to:
- Products — create, read, update, and delete products, variants, images, and metafields.
- Orders — access order data, create draft orders, manage fulfilment, process refunds.
- Customers — manage customer records, addresses, tags, and account data.
- Inventory — track stock levels across locations, adjust quantities, set inventory policies.
- Collections — manage smart and manual collections.
- Discounts — create and manage discount codes and automatic discounts.
- Shipping — manage shipping zones, rates, and fulfilment services.
- Content — pages, blog posts, redirects, and script tags.
- Store settings — policies, locales, markets, and shop configuration.
Authentication and access
The Admin API requires authentication. This means any application or tool that wants to access your store data needs permission from you. When you install a Shopify app, you are granting it specific API permissions (called “scopes”). This is why apps ask for permission to access products, orders, or customers during installation.
There are two types of Admin API access:
- Public apps — listed on the Shopify App Store. They use OAuth to request permissions from store owners. Multiple stores can install them.
- Custom apps — built specifically for your store. They are created in your Shopify admin under Settings → Apps and sales channels. Only your store uses them.
For integrations like ERP or ERP systems, custom apps are typically the right choice. They provide direct API access scoped to exactly what the integration needs, without the overhead of a public app listing.
What the Admin API cannot do
Understanding limitations is as important as understanding capabilities:
- It cannot modify the checkout experience directly (use Checkout Extensibility instead).
- It cannot change the theme code itself (use the Theme API or Asset API for that).
- It cannot access Shopify’s internal analytics directly (use the Analytics API for aggregated data).
- It cannot bypass Shopify’s rate limits, regardless of your plan tier.
The Storefront API explained
The Storefront API is fundamentally different from the Admin API. It is designed for customer-facing applications — things your customers interact with directly. It provides read-only access to your product catalogue plus the ability to manage carts and initiate checkouts.
The Storefront API is what powers:
- Headless storefronts — custom websites built with React, Vue, or other frontend frameworks that use Shopify as a backend. See our guide on Shopify Hydrogen for details.
- Mobile apps — native iOS and Android apps that sell your products.
- Buy buttons — embedded product purchase widgets on non-Shopify websites.
- Custom product pickers — interactive tools that let customers configure products before adding to cart.
The key distinction: the Storefront API uses a public access token. This means it is safe to use in client-side code (JavaScript running in a customer’s browser). The Admin API token must never be exposed publicly, as it provides write access to your entire store.
REST vs GraphQL: the two flavours
Shopify offers two “flavours” of the Admin API: REST and GraphQL. This is one of the most confusing aspects for non-developers, so let us simplify it.
REST API works like a menu with fixed dishes. You request a specific endpoint (URL) and get back a predefined set of data. Want product data? Call the products endpoint. Want order data? Call the orders endpoint. The format of what you get back is fixed.
// REST: Get a product (returns ALL product fields)
GET /admin/api/2026-01/products/123456789.json
// Returns a large JSON object with every product field,
// even the ones you don't needGraphQL API works like a buffet where you choose exactly what you want. You write a query specifying precisely which fields you need, and Shopify returns only those fields. This is more efficient because you do not download unnecessary data.
// GraphQL: Get only the product title and price
{
product(id: "gid://shopify/Product/123456789") {
title
variants(first: 1) {
nodes {
price
}
}
}
}Shopify is gradually moving towards GraphQL as the primary API. New features often appear in GraphQL first, and some newer APIs (like the Storefront API) are GraphQL-only. For PIM integrations and other complex data operations, GraphQL’s precision is a significant advantage.
Webhooks: real-time event notifications
Webhooks are the opposite of API calls. Instead of your system asking Shopify for data (polling), webhooks let Shopify tell your system when something happens (pushing).
When a customer places an order, Shopify can immediately notify your warehouse management system. When a product goes out of stock, Shopify can tell your email platform. When a customer creates an account, Shopify can alert your CRM.
Common webhook events include:
orders/create— fired when a new order is placed.orders/fulfilled— fired when an order is marked as fulfilled.products/update— fired when product data changes.customers/create— fired when a new customer account is created.inventory_levels/update— fired when stock levels change.app/uninstalled— fired when your app is uninstalled from a store.
Webhooks are essential for real-time integrations. Without them, your systems would need to constantly check Shopify for changes (polling), which is inefficient and can consume your rate limit allocation.
Rate limits and what they mean
Shopify imposes rate limits on API access to ensure platform stability. This is one of the most practically important concepts for store owners to understand, because rate limits directly affect what your integrations can do.
The limits vary by API type:
- REST Admin API — 2 requests per second (or 4 per second for Shopify Plus stores). Uses a “leaky bucket” model where you can burst up to 40 requests (80 for Plus) and then must slow down.
- GraphQL Admin API — 1,000 cost points per second (2,000 for Plus). Different queries consume different amounts of cost points based on complexity.
- Storefront API — no rate limit per se, but there are throttling protections for extremely high traffic.
Why this matters to you: if your integration needs to sync thousands of products or process large order volumes, rate limits determine how long that sync takes. A product catalogue sync of 10,000 products at 2 requests per second takes at least 83 minutes via REST. With GraphQL, you can fetch multiple products per query, potentially reducing that to under 10 minutes.
Common integration patterns
Here are the most common API-powered integrations we build for Shopify stores:
ERP integration
Your enterprise resource planning system (SAP, NetSuite, Microsoft Dynamics) syncs with Shopify via the Admin API. Typically, products flow from ERP to Shopify, and orders flow from Shopify to ERP. Inventory levels sync bidirectionally. This is one of the most complex integrations because it requires careful handling of data mapping, conflict resolution, and error recovery. Read our ERP integration guide for a detailed breakdown.
Warehouse management
WMS systems receive order data via webhooks (orders/create) and send fulfilment data back via the Admin API. This typically involves creating fulfilment records, updating tracking numbers, and adjusting inventory levels.
Email marketing
Platforms like Klaviyo sync customer data, order history, and browsing behaviour via the Admin API and webhooks. This data powers segmentation, personalised email flows, and product recommendations.
Product information management
PIM systems like Akeneo or Salsify serve as the master source for product data. They push product titles, descriptions, images, metafields, and variants to Shopify via the Admin API. See our PIM integration guide for implementation details.
No-code tools that use Shopify APIs
You do not always need a developer to leverage Shopify APIs. Several no-code and low-code platforms provide visual interfaces for building API integrations:
- Shopify Flow — Shopify’s built-in automation platform. Create workflows triggered by store events (orders, inventory changes, customer actions) without writing code. Available on Shopify Plus and Advanced plans.
- Zapier — connects Shopify to thousands of other applications. Create “Zaps” that trigger actions when events occur in your store.
- Make (formerly Integromat) — a more powerful alternative to Zapier with visual workflow builders and more complex logic capabilities.
- Mechanic — a Shopify app that provides a scripting environment for store automation. More powerful than Flow but still more accessible than custom development.
These tools are ideal for simple integrations, data synchronisation tasks, and workflow automation. For complex, high-volume integrations (like ERP systems), custom development usually provides better performance and reliability.
How to talk to your developer about APIs
When briefing developers or agencies on API-related work, here are the questions and concepts that lead to productive conversations:
Questions to ask
- “Which Shopify API will this use?” — ensures they are using the right API for the job.
- “What scopes (permissions) does this need?” — helps you understand the security implications.
- “How will you handle rate limits?” — reveals whether they have planned for scale.
- “Will this use REST or GraphQL?” — for new projects, GraphQL is generally preferred.
- “What happens when the API is down or returns errors?” — tests their error handling strategy.
- “How will webhooks be secured?” — ensures they are verifying webhook signatures.
Red flags to watch for
- A developer who does not know the difference between the Admin and Storefront APIs.
- An integration plan that does not mention rate limits.
- Polling-based architectures where webhooks would be more appropriate.
- Using REST when GraphQL would be significantly more efficient for the use case.
- No error handling or retry logic in the integration design.
APIs are the connective tissue of modern ecommerce. They enable the integrations, automations, and custom experiences that separate growing stores from stagnant ones. You do not need to understand the code behind them, but understanding what they do and what they make possible will make you a more effective decision-maker for your Shopify development roadmap.
If you are planning an integration, evaluating custom app development, or trying to understand what is technically feasible for your store, start a conversation with us. We can translate your business requirements into a clear technical plan and make sure you are not paying for complexity you do not need.