Getting started with the GraphQL Admin and REST Admin APIs

The GraphQL Admin and REST Admin APIs let you build apps and other integrations for the Shopify admin using GraphQL or REST. With the APIs, you can create apps that offer functionality at every stage of a store's operation, including shipping, fulfillment, and product management.

Authentication

The GraphQL Admin and REST Admin APIs require a Shopify access token (for public apps and custom apps) or an API password (for private apps) for making authenticated requests.

Authenticate using OAuth

To get the access token, follow the OAuth authorization flow in the OAuth guide. Include the access token as a X-Shopify-Access-Token header in your requests.

You can obtain an access token either by following the OAuth authorization process or by creating a private app and using that app's API password.

Authenticate using basic HTTP authentication

  1. From your Shopify admin, click Apps.
  2. Click Manage private apps.
  3. Click Create a new private app.
  4. Enter the details for your private app.
  5. Click Save.
  6. Use the generated API password as the access token.

GraphQL Admin API

The GraphQL Admin API is a GraphQL-based alternative to the REST-based Admin API, and makes the functionality of the Shopify admin available at a single GraphQL endpoint:

POST https://{shop}.myshopify.com/admin/api/2021-07/graphql.json

You can access the GraphQL Admin API using the GraphiQL app, curl, or any HTTP client:

Use the GraphiQL app

We recommend installing Shopify’s own GraphiQL app to explore your shop’s data using the GraphQL Admin API. After you've installed the app, you can test it by running the following query:

POST https://{shop}.myshopify.com/admin/api/2021-07/graphql.json

View response

Use curl

The following example shows a query for the first 5 product IDs and handles. Replace {shop} with your store’s domain and {password} with the access token you generated in the Authentication section.

POST https://{shop}.myshopify.com/admin/api/2021-07/graphql.json

View response

Example query

In GraphQL, queries are the equivalent of REST’s GET action verb. They generally begin with one of the objects listed under QueryRoot and can get data from any connections that object has. Even though a POST is being sent to the GraphQL endpoint, if the body only contains queries, then data will only be retrieved and not modified.

The following example shows a query for the quantity of inventory items available at a location:

POST https://{shop}.myshopify.com/admin/api/2021-07/graphql.json

View response

Example mutation

Mutations are the equivalent of REST’s data-modifying action verbs, such as PUT or DELETE. The following example shows a mutation that increases the available inventory at a location:

POST https://{shop}.myshopify.com/admin/api/2021-07/graphql.json

View response

REST Admin API

You can access the REST Admin API using curl or any other HTTP client. REST Admin API endpoints are organized by resource. You'll need to use different API endpoints depending on the service that your app provides.

Example GET request using curl

The following curl request retrieves information by using the Shop resource and the GET /admin/api/2021-07/shop.json endpoint. Replace {shop} with your store’s domain and {password} with the access token you generated in the Authentication section.

Request:

View response