Skip to content
ShopifyAPI is a lightweight gem for accessing the Shopify admin REST web services.
Ruby
Latest commit af82552 Apr 25, 2016 @kevinhughes27 kevinhughes27 Merge pull request #257 from boddhisattva/update-readme
Add link to help setup app and generate required credentials in README
Failed to load latest commit information.
bin Removes pry and thor dependencies Mar 25, 2015
lib Merge pull request #256 from julionc/customers/account_activation_url Apr 19, 2016
test Merge pull request #256 from julionc/customers/account_activation_url Apr 19, 2016
.document Initial commit to shopify_api. Jun 12, 2009
.gitignore Ignore JetBrains-based editor files. Jul 6, 2015
.travis.yml only test AR 5.0 on recent Ruby Mar 7, 2016
CHANGELOG updating the Changelog Mar 7, 2016
CONTRIBUTING.md update copy Oct 27, 2015
CONTRIBUTORS Moved attribution to a seperate file to avoid cluttering the code. Sep 23, 2011
Gemfile Fix bundle update on the Gemfile in travis. May 5, 2015
Gemfile_ar30 Add .travis.yml for multi-testing and notifications to flowdock and f… Dec 12, 2013
Gemfile_ar31 Uses rails 4.2 compatible threadsafe branch of AR Jan 9, 2015
Gemfile_ar32 Uses rails 4.2 compatible threadsafe branch of AR Jan 9, 2015
Gemfile_ar40threadsafe Uses rails 4.2 compatible threadsafe branch of AR Jan 9, 2015
Gemfile_ar42threadsafe Uses rails 4.2 compatible threadsafe branch of AR Jan 9, 2015
Gemfile_ar50 adding gemfile for ActiveResource 5.0 Mar 7, 2016
LICENSE Updated README and added most recent shopify_api.rb from Shopify. Jun 12, 2009
README.md Add link to help setup app and generate required credentials Apr 24, 2016
RELEASING Include library versions in user-agent header. Mar 11, 2012
Rakefile Add Gemfile and add bundler/gem_tasks to rake Oct 28, 2013
shipit.rubygems.yml deploy using shipit default recipe May 27, 2014
shopify_api.gemspec Escape ampersand in params or equal in keys before signing with hmac. May 12, 2015

README.md

Build Status

Shopify API

The Shopify API gem allows Ruby developers to programmatically access the admin section of Shopify stores.

The API is implemented as JSON over HTTP using all four verbs (GET/POST/PUT/DELETE). Each resource, like Order, Product, or Collection, has its own URL and is manipulated in isolation. In other words, we’ve tried to make the API follow the REST principles as much as possible.

Usage

Requirements

All API usage happens through Shopify applications, created by either shop owners for their own shops, or by Shopify Partners for use by other shop owners:

For more information and detailed documentation about the API visit http://api.shopify.com

Installation

To easily install or upgrade to the latest release, use gem

gem install shopify_api

Getting Started

ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveResource has to be configured with a fully authorized URL of a particular store first. To obtain that URL you can follow these steps:

  1. First create a new application in either the partners admin or your store admin. For a private App you'll need the API_KEY and the PASSWORD otherwise you'll need the API_KEY and SHARED_SECRET.

    If you're not sure how to create a new application in the partner/store admin and/or if you're not sure how to generate the required credentials, you can read the related shopify docs on the same.

  2. For a private App you just need to set the base site url as follows:

    shop_url = "https://#{API_KEY}:#{PASSWORD}@SHOP_NAME.myshopify.com/admin"
    ShopifyAPI::Base.site = shop_url

    That's it, you're done, skip to step 6 and start using the API!

    For a partner app you will need to supply two parameters to the Session class before you instantiate it:

    ShopifyAPI::Session.setup({:api_key => API_KEY, :secret => SHARED_SECRET})
  3. In order to access a shop's data, apps need an access token from that specific shop. This is a two-stage process. Before interacting with a shop for the first time an app should redirect the user to the following URL:

    GET https://SHOP_NAME.myshopify.com/admin/oauth/authorize
    

    with the following parameters:

    • client_id– Required – The API key for your app
    • scope – Required – The list of required scopes (explained here: http://docs.shopify.com/api/tutorials/oauth)
    • redirect_uri – Required – The URL where you want to redirect the users after they authorize the client. The complete URL specified here must be identical to one of the Application Redirect URLs set in the App's section of the Partners dashboard. Note: in older applications, this parameter was optional, and redirected to the Application Callback URL when no other value was specified.
    • state – Optional – A randomly selected value provided by your application, which is unique for each authorization request. During the OAuth callback phase, your application must check that this value matches the one you provided during authorization. This mechanism is important for the security of your application.

    We've added the create_permission_url method to make this easier, first instantiate your session object:

    session = ShopifyAPI::Session.new("SHOP_NAME.myshopify.com")

    Then call:

    scope = ["write_products"]
    permission_url = session.create_permission_url(scope)

    or if you want a custom redirect_uri:

    permission_url = session.create_permission_url(scope, "https://my_redirect_uri.com")
  4. Once authorized, the shop redirects the owner to the return URL of your application with a parameter named 'code'. This is a temporary token that the app can exchange for a permanent access token.

    Before you proceed, make sure your application performs the following security checks. If any of the checks fails, your application must reject the request with an error, and must not proceed further.

    • Ensure the provided state is the same one that your application provided to Shopify during Step 3.
    • Ensure the provided hmac is valid. The hmac is signed by Shopify as explained below, in the Verification section.
    • Ensure the provided hostname parameter is a valid hostname, ends with myshopify.com, and does not contain characters other than letters (a-z), numbers (0-9), dots, and hyphens.

    If all security checks pass, the authorization code can be exchanged once for a permanent access token. The exchange is made with a request to the shop.

    POST https://SHOP_NAME.myshopify.com/admin/oauth/access_token
    

    with the following parameters:

    • client_id – Required – The API key for your app
    • client_secret – Required – The shared secret for your app
    • code – Required – The token you received in step 3

    and you'll get your permanent access token back in the response.

    There is a method to make the request and get the token for you. Pass all the params received from the previous call and the method will verify the params, extract the temp code and then request your token:

    token = session.request_token(params)

    This method will save the token to the session object and return it. For future sessions simply pass the token in when creating the session object:

    session = ShopifyAPI::Session.new("SHOP_NAME.myshopify.com", token)
  5. The session must be activated before use:

    ShopifyAPI::Base.activate_session(session)
  6. Now you're ready to make authorized API requests to your shop! Data is returned as ActiveResource instances:

    shop = ShopifyAPI::Shop.current
    
    # Get a specific product
    product = ShopifyAPI::Product.find(179761209)
    
    # Create a new product
    new_product = ShopifyAPI::Product.new
    new_product.title = "Burton Custom Freestlye 151"
    new_product.product_type = "Snowboard"
    new_product.vendor = "Burton"
    new_product.save
    
    # Update a product
    product.handle = "burton-snowboard"
    product.save

    Alternatively, you can use #temp to initialize a Session and execute a command which also handles temporarily setting ActiveResource::Base.site:

    products = ShopifyAPI::Session.temp("SHOP_NAME.myshopify.com", token) { ShopifyAPI::Product.find(:all) }
  7. If you want to work with another shop, you'll first need to clear the session:

    ShopifyAPI::Base.clear_session

Console

This package also supports the shopify-cli executable to make it easy to open up an interactive console to use the API with a shop.

  1. Install the shopify_cli gem.
gem install shopify_cli
  1. Obtain a private API key and password to use with your shop (step 2 in "Getting Started")

  2. Use the shopify-cli script to save the credentials for the shop to quickly log in.

    shopify-cli add yourshopname

    Follow the prompts for the shop domain, API key and password.

  3. Start the console for the connection.

    shopify-cli console
  4. To see the full list of commands, type:

    shopify-cli help

Threadsafety

ActiveResource is inherently non-threadsafe, because class variables like ActiveResource::Base.site and ActiveResource::Base.headers are shared between threads. This can cause conflicts when using threaded libraries, like Sidekiq.

We have a forked version of ActiveResource that stores these class variables in threadlocal variables. Using this forked version will allow ShopifyAPI to be used in a threaded environment.

To enable threadsafety with ShopifyAPI, add the following to your Gemfile. There are various threadsafe tags that you can use, depending on which version of rails you are using.

gem 'activeresource', git: 'git://github.com/Shopify/activeresource', tag: '4.2-threadsafe'
gem 'shopify_api', '>= 3.2.1'

Using Development Version

Download the source code and run:

rake install

Additional Resources

API Docs: http://docs.shopify.com/api

Ask questions on the forums: http://ecommerce.shopify.com/c/shopify-apis-and-technology

Copyright

Copyright (c) 2014 "Shopify Inc.". See LICENSE for details.

Something went wrong with that request. Please try again.