The REST Admin API is a legacy API as of October 1, 2024. All apps and integrations should be built with the GraphQL Admin API. For details and migration steps, visit our migration guide.
REST Admin API reference
The Admin API lets you build apps and integrations that extend and enhance the Shopify admin.
Some newer platform features may only be available in GraphQL.
Client libraries
Use Shopify’s officially supported libraries to build fast, reliable apps with the programming languages and frameworks you already know.
The official package for Remix applications, with full TypeScript support.
Authentication
All REST Admin API queries require a valid Shopify access token.
Public and custom apps created in the Partner Dashboard generate tokens using OAuth, and custom apps made in the Shopify admin are authenticated in the Shopify admin. To simplify the authentication process, use one of the recommended Shopify client libraries.
Include your token as a X-Shopify-Access-Token
header on all API queries. Using Shopify’s supported client libraries can simplify this process.
To keep the platform secure, apps need to request specific access scopes during the install process. Only request as much data access as your app needs to work.
Learn more about getting started with authentication and building apps.
Endpoints and requests
Admin REST API endpoints are organized by resource type. You’ll need to use different endpoints depending on your app’s requirements.
All Admin REST API endpoints follow this pattern:
The Admin API is versioned, with new releases four times per year. To keep your app stable, make sure you specify a supported version in the URL. Learn more about API versioning.
All REST endpoints support cursor-based pagination. All requests produce HTTP response status codes.
Learn more about API usage.
Rate limits
The REST Admin API supports a limit of 40 requests per app per store per minute. This allotment replenishes at a rate of 2 requests per second. The rate limit is increased by a factor of 10 for Shopify Plus stores.
Usage limitations
REST Admin API supports a limit of 40 requests per app per store per minute.
Past the limit, the API will return a 429 Too Many Requests
error.
All REST API responses include the X-Shopify-Shop-Api-Call-Limit
header, which shows how many requests the client has made, and the total number allowed per minute.
A 429
response will also include a Retry-After
header with the number of seconds to wait until retrying your query.
Learn more about rate limits.
Status and error codes
All API queries return HTTP status codes that can tell you more about the response.
401 Unauthorized
The client doesn’t have correct authentication credentials.
402 Payment Required
The shop is frozen. The shop owner will need to pay the outstanding balance to unfreeze the shop.
403 Forbidden
The server is refusing to respond. This is typically caused by incorrect access scopes.
404 Not Found
The requested resource was not found but could be available again in the future.
422 Unprocessable Entity
The request body contains semantic errors. This is typically caused by incorrect formatting, omitting required fields, or logical errors such as initiating a checkout for an out-of-stock product.
429 Too Many Requests
The client has exceeded the rate limit.
5xx Errors
An internal error occurred in Shopify. Check out the Shopify status page for more information.
Didn’t find the status code you’re looking for? View the complete list of API status response and error codes.