The Admin API lets you build apps and integrations that extend and enhance the Shopify admin.
This page will help you get up and running with Shopify’s GraphQL API.
Use Shopify’s officially supported libraries to build fast, reliable apps with the programming languages and frameworks you already know.
All GraphQL Admin API requests require a valid Shopify access token. If you use Shopify’s client libraries, then this will be done for you. Otherwise, you should include your token as a X-Shopify-Access-Token header on all GraphQL requests.
Public and custom apps created in the Dev Dashboard generate tokens using OAuth, and custom apps made in the Shopify admin are authenticated in the Shopify admin.
To keep the platform secure, apps need to request specific access scopes during the install process. Only request as much data access as your app needs to work.
Learn more about getting started with authentication and building apps.
GraphQL queries are executed by sending POST HTTP requests to the endpoint:
https://{store_name}.myshopify.com/admin/api/2026-01/graphql.json
Queries begin with one of the objects listed under QueryRoot. The QueryRoot is the schema’s entry-point for queries.
Queries are equivalent to making a GET request in REST. The example shown is a query to get the ID and title of the first three products.
Learn more about API usage.
The GraphQL Admin API is rate-limited using calculated query costs, measured in cost points. Each field returned by a query costs a set number of points. The total cost of a query is the maximum of possible fields selected, so more complex queries cost more to run.
Learn more about rate limits.
All API queries return HTTP status codes that contain more information about the response.
GraphQL HTTP status codes are different from REST API status codes. Most importantly, the GraphQL API can return a 200 OK response code in cases that would typically produce 4xx or 5xx errors in REST.
The response for the errors object contains additional detail to help you debug your operation.
The response for mutations contains additional detail to help debug your query. To access this, you must request userErrors.
Properties
A list of all errors returned
Contains details about the error(s).
Provides more information about the error(s) including properties and metadata.
Shows error codes common to Shopify. Additional error codes may also be shown.
The client has exceeded the rate limit. Similar to 429 Too Many Requests.
The client doesn’t have correct authentication credentials. Similar to 401 Unauthorized.
The shop is not active. This can happen when stores repeatedly exceed API rate limits or due to fraud risk.
Shopify experienced an internal error while processing the request. This error is returned instead of 500 Internal Server Error in most circumstances.
The 4xx and 5xx errors occur infrequently. They are often related to network communications, your account, or an issue with Shopify’s services.
Many errors that would typically return a 4xx or 5xx status code, return an HTTP 200 errors response instead. Refer to the 200 OK section above for details.
The 4xx and 5xx errors occur infrequently. They are often related to network communications, your account, or an issue with Shopify’s services.
Many errors that would typically return a 4xx or 5xx status code, return an HTTP 200 errors response instead. Refer to the 200 OK section above for details.
The server will not process the request.
The shop is frozen. The shop owner will need to pay the outstanding balance to unfreeze the shop.
The shop is forbidden. Returned if the store has been marked as fraudulent.
The resource isn’t available. This is often caused by querying for something that’s been deleted.
The shop isn’t available. This can happen when stores repeatedly exceed API rate limits or due to fraud risk.
An internal error occurred in Shopify. Check out the Shopify status page for more information.