Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Lightweight object-oriented PHP (JSON) client for the Shopify API
#9 Compare This branch is 20 commits ahead, 4 commits behind notmaintained:master.
Latest commit 668a467 @cmcdonaldca Merge pull request #5 from mycrom/master
If method passed a complete http query only validate the components that Shopify creates the sig on


Lightweight multi-paradigm PHP (JSON) client for the Shopify API.


Getting Started

Basic needs for authorization and redirecting


    require 'shopify.php';
    if (isset($_GET['code'])) { // if the code param has been sent to this page... we are in Step 2
        // Step 2: do a form POST to get the access token
        $shopifyClient = new ShopifyClient($_GET['shop'], "", SHOPIFY_API_KEY, SHOPIFY_SECRET);

        // Now, request the token and store it in your session.
        $_SESSION['token'] = $shopifyClient->getAccessToken($_GET['code']);
        if ($_SESSION['token'] != '')
            $_SESSION['shop'] = $_GET['shop'];

        header("Location: index.php");
    // if they posted the form with the shop name
    else if (isset($_POST['shop'])) {

        // Step 1: get the shopname from the user and redirect the user to the
        // shopify authorization page where they can choose to authorize this app
        $shop = isset($_POST['shop']) ? $_POST['shop'] : $_GET['shop'];
        $shopifyClient = new ShopifyClient($shop, "", SHOPIFY_API_KEY, SHOPIFY_SECRET);

        // get the URL to the current page
        $pageURL = 'http';
        if ($_SERVER["HTTPS"] == "on") { $pageURL .= "s"; }
        $pageURL .= "://";
        if ($_SERVER["SERVER_PORT"] != "80") {
        } else {
            $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];

        // redirect to authorize url
        header("Location: " . $shopifyClient->getAuthorizeUrl(SHOPIFY_SCOPE, $pageURL));

    // first time to the page, show the form below
    <p>Install this app in a shop to get access to its private admin data.</p> 

    <p style="padding-bottom: 1em;">
        <span class="hint">Don&rsquo;t have a shop to install your app in handy? <a href="">Create a test shop.</a></span>

    <form action="" method="post">
      <label for='shop'><strong>The URL of the Shop</strong> 
        <span class="hint">(enter it exactly like this:</span> 
        <input id="shop" name="shop" size="45" type="text" value="" /> 
        <input name="commit" type="submit" value="Install" /> 

Once you have authorized and stored the token in the session, you can make API calls

Making API calls:


    require 'shopify.php';

    $sc = new ShopifyClient($_SESSION['shop'], $_SESSION['token'], $api_key, $secret);

        // Get all products
        $products = $sc->call('GET', '/admin/products.json', array('published_status'=>'published'));

        // Create a new recurring charge
        $charge = array
                "name"=>"Super Duper Plan",

            $recurring_application_charge = $sc->call('POST', '/admin/recurring_application_charges.json', $charge);

            // API call limit helpers
            echo $sc->callsMade(); // 2
            echo $sc->callsLeft(); // 498
            echo $sc->callLimit(); // 500

        catch (ShopifyApiException $e)
            // If you're here, either HTTP status code was >= 400 or response contained the key 'errors'

    catch (ShopifyApiException $e)
         $e->getMethod() -> http method (GET, POST, PUT, DELETE)
         $e->getPath() -> path of failing request
         $e->getResponseHeaders() -> actually response headers from failing request
         $e->getResponse() -> curl response object
         $e->getParams() -> optional data that may have been passed that caused the failure

    catch (ShopifyCurlException $e)
        // $e->getMessage() returns value of curl_errno() and $e->getCode() returns value of curl_ error()

When receiving requests from the Shopify API, validate the signature value:


    $sc = new ShopifyClient($_GET['shop'], '', SHOPIFY_API_KEY, SHOPIFY_SECRET);

        die('Error: invalid signature.');

Something went wrong with that request. Please try again.