The latest release of shopify_api is v9. The main branch of this repo reflects the upcoming v10 release, which has some major changes. If you’re looking for the documentation / instructions for v9, you can find them in this branch.
This library provides support for Ruby Shopify apps to access the Shopify Admin API, by making it easier to perform the following actions:
- Creating online or offline access tokens for the Admin API via OAuth
- Making requests to the REST API
- Making requests to the GraphQL API
- Registering/processing webhooks
In addition to the Admin API, this library also allows querying the Storefront API.
You can use this library in any application that has a Ruby backend, since it doesn't rely on any specific framework — you can include it alongside your preferred stack and use the features that you need to build your app.
To follow these usage guides, you will need to:
- have a working knowledge of ruby and a web framework such as Rails or Sinatra
- have a Shopify Partner account and development store
- OR have a test store where you can create a private app
- have an app already set up in your test store or partner account
- use ngrok to create a secure tunnel to your app running on your localhost
- add the
ngrokURL and the appropriate redirect for your OAuth callback route to your app settings
Add the following to your Gemfile:
gem "shopify_api"or use bundler:
bundle add shopify_apiStart by initializing the ShopifyAPI::Context with the parameters of your app by calling ShopifyAPI::Context.setup (example below) when your app starts (e.g application.rb in a Rails app).
ShopifyAPI::Context.setup(
api_key: "<api-key>",
api_secret_key: "<api-secret-key>",
host_name: "<application-host-name>",
scope: "read_orders,read_products,etc",
session_storage: ShopifyAPI::Auth::FileSessionStorage.new, # See more details below
is_embedded: true, # Set to true if you are building an embedded app
is_private: false, # Set to true if you are building a private app
api_version: "2022-01" # The vesion of the API you would like to use
)In order for the Shopify API gem to properly store sessions it needs an implementation of ShopifyAPI::Auth::SessionStorage. We provide one implementation in the gem, ShopifyAPI::Auth::FileSessionStorage, which is suitable for testing/development, but isn't intended for production apps. See the Session Storage doc for instructions on how to create a custom session store for a production application.
Session information would is typically stored in cookies on the browser. However, due to restrictions with modern browsers we highly discourage using cookies for embedded apps. For this reason, an app needs to define a storage implementation that the library can use to store and retrieve a session given its ID. In a non-embedded app this ID will come from a cookie, whereas in an embedded app this ID will come from App Bridge.
Next, unless you are making a private app, you need to go through OAuth as described here to create sessions for shops using your app. The Shopify API gem tries to make this easy by providing functions to begin and complete the OAuth process. See the Oauth doc for instructions on how to use these.
If you intend to use webhooks in your application follow the steps in the Webhooks doc for instructions on registering and handling webhooks.
Once your app can perform OAuth, it can now make authenticated Shopify API calls using the Admin REST or GraphQL Clients, or the Storefront API GraphQL Client.
We've rewritten this library for v10, so that it provides all essential features for a Shopify app without requiring any other packages.
Here are the main features it provides:
- OAuth support, both with online and offline tokens.
- Full, transparent support for JWT sessions for embedded apps and cookies for non-embedded ones.
- Removal of support for 3rd party cookies which are increasingly more difficult to use with modern browsers.
- Admin API support
- Auto-generated, version-specific REST resources which are similar to
ActiveResource(though not identical), that provide methods for all endpoints defined in our REST API reference, as well as direct definition of known attributes. - A GraphQL client that doesn't rely on the ActiveResource implementation for REST.
- Auto-generated, version-specific REST resources which are similar to
- Webhook management, with features for adding handlers and registering them with Shopify.
- Storefront GraphQL API support
Please refer to the documentation in this repository for instructions on how to use each of these components.
With this, a lot changed in how apps access the library. Here are the updates you should make when migrating to v10:
-
Call
ShopifyAPI::Context.setupwhen setting up your app. This class holds global configurations for your app and defines how the library behaves. -
If not using the
shopify_appgem, your app needs to provide an implementation ofShopifyAPI::Auth::SessionStoragefor production. Read more about this in our documentation. -
To change the
User-Agentheader, useuser_agent_prefixinShopifyAPI::Context.setup. -
Usages of the
ActiveResourceclasses for REST API requests need to be refactored into the new format. You can find detailed examples on how each of the endpoints work in our reference documentation.Please see below a (non-exhaustive) list of common replacements to guide you in your updates, using the
Orderresource as an example.Before After Order.find(:all, params: {param1: value1})Order.all(param1: value1, session:)Order.find(<id>)Order.find(id: <id>, session:)order = Order.new(<id>)order.post(:close)order = Order.new(session:)order.close()order = Order.new(<id>)order.deleteOrder.delete(id: <id>, session:)
Version 7.0.0 introduced ApiVersion, and known versions were hardcoded into the gem. Manually defining API versions is no longer required for versions not listed in the gem. Version 8.0.0 removes the following:
ShopifyAPI::ApiVersion::UnstableShopifyAPI::ApiVersion::ReleaseShopifyAPI::ApiVersion.define_version
The following methods on ApiVersion have been deprecated:
.coerce_to_versiondeprecated. use.find_version.define_known_versionsdeprecated. Use.fetch_known_versions.clear_defined_versionsdeprecated. Use..clear_known_versions.latest_stable_versiondeprecated. UseShopifyAPI::Meta.admin_versions.find(&:latest_supported)(this fetches info from Shopify servers. No authentication required.)#namedeprecated. Use#handle#stable?deprecated. Use#supported?
Version 8.0.0 introduces a version lookup mode. By default, ShopifyAPI::ApiVersion.version_lookup_mode is :define_on_unknown. When setting the api_version on Session or Base, the api_version attribute takes a version handle (i.e. '2019-07' or :unstable) and sets an instance of ShopifyAPI::ApiVersion matching the handle. When the version_lookup_mode is set to :define_on_unknown, any handle will naïvely create a new ApiVersion if the version is not in the known versions returned by ShopifyAPI::ApiVersion.versions.
To ensure you're setting only known and active versions, call :
ShopifyAPI::ApiVersion.version_lookup_mode = :raise_on_unknown
ShopifyAPI::ApiVersion.fetch_known_versionsKnown and active versions are fetched from https://app.shopify.com/services/apis.json and cached. Trying to use a version outside this cached set will raise an error. To switch back to naïve lookup and create a version if one is not found, call ShopifyAPI::ApiVersion.version_lookup_mode = :define_on_unknown.
When creating sessions, api_versionis now required and uses keyword arguments.
To upgrade your use of ShopifyAPI you will need to make the following changes.
ShopifyAPI::Session.new(domain, token, extras)is now
ShopifyAPI::Session.new(domain: domain, token: token, api_version: api_version, extras: extras)Note extras is still optional. The other arguments are required.
ShopifyAPI::Session.temp(domain, token, extras) do
...
endis now
ShopifyAPI::Session.temp(domain: domain, token: token, api_version: api_version) do
...
endFor example, if you want to use the 2019-04 version, you will create a session like this:
session = ShopifyAPI::Session.new(domain: domain, token: token, api_version: '2019-04')if you want to use the unstable version, you will create a session like this:
session = ShopifyAPI::Session.new(domain: domain, token: token, api_version: :unstable)If you have defined or customized Resources, classes that extend ShopifyAPI::Base:
The use of self.prefix = has been deprecated; you should now use self.resource = and not include /admin.
For example, if you specified a prefix like this before:
class MyResource < ShopifyAPI::Base
self.prefix = '/admin/shop/'
endYou will update this to:
class MyResource < ShopifyAPI::Base
self.resource_prefix = 'shop/'
endIf you have specified any full paths for API calls in find
def self.current(options={})
find(:one, options.merge(from: "/admin/shop.#{format.extension}"))
endwould be changed to
def self.current(options = {})
find(:one, options.merge(
from: api_version.construct_api_path("shop.#{format.extension}")
))
end- OAuth URLs for
authorize, getting theaccess_tokenfrom a code,access_scopes, and using arefresh_tokenhave not changed.- get:
/admin/oauth/authorize - post:
/admin/oauth/access_token - get:
/admin/oauth/access_scopes
- get:
- URLs for the merchant’s web admin have not changed. For example: to send the merchant to the product page the url is still
/admin/product/<id>
After cloning the repository, you can install the dependencies with bundler:
bundle installTo run the automated tests:
bundle exec rake testWe use rubocop to lint/format the code. You can run it with the following command:
bundle exec rubocop