Getting started with the Shopify Partner API

The Shopify Partner API enables you to programmatically access the data from your Partner Dashboard. This guide shows you how to get set up and start making requests to the Partner API.

Partner API authentication

There are two pieces of information that you must include to successfully authenticate requests to a Partner API endpoint:

Organization ID

The organization ID must be included in the endpoint URL that you're querying. For example:

You can find your organization ID in the URL of the Partner Dashboard when you're logged in. For example, from the Payouts page, if the URL is https://partners.shopify.com/1234/payments, then your organization ID is 1234.

Access token

You need to include an API client access token in an X-Shopify-Access-Token request header. For example:

The API client access token must belong to the organization that you are querying. You can create a new API client for your organization through the Partner Dashboard.

Your access token secures your organization's data and should be kept secret at all times. If you need to replace your access token, you can generate a secondary token that you can rotate in to avoid downtime.

Create an API client

You can create a new API client through the Partner Dashboard. Each API client can access only the data belonging to the organization in which it is created.

If you have multiple Partner organizations, then you need to create an API client through the Partner Dashboard of each organization that you want to access using the API.

Only organization owners can create and manage API clients.

Steps:

  1. From your Partner Dashboard, navigate to Settings > Partner API clients, and then click Manage Partner API clients.
  2. Click Create API client.
  3. Enter a name to identify the API client.
  4. Select the appropriate permissions. You can add or remove permissions from a Partner API client as needed.
  5. Click Save, and then click Create API client.
  6. In the Credentials section, next to the Access token field, click Show to show the access token, or click Copy to copy the access token to your clipboard.

Permissions

You should grant only the permissions that your API client needs to work. For example, if you want to develop some code to pull app events, then you should grant only the Manage apps permission.

In some cases, you might need to grant multiple permissions to retrieve the data you need. For example, you need to grant the View financials permission to access Transaction resources. If a transaction is generated by an app, then you also need the Manage apps permission to view the app's details.