The Admin API lets you build apps and integrations that extend and enhance the Shopify admin.
Some newer platform features may only be available in GraphQL.
Use Shopify’s officially supported libraries to build fast, reliable apps with the programming languages and frameworks you already know.
All REST Admin API queries require a valid Shopify access token.
Public and custom apps created in the Dev Dashboard generate tokens using OAuth, and custom apps made in the Shopify admin are authenticated in the Shopify admin. To simplify the authentication process, use one of the recommended Shopify client libraries.
Include your token as a X-Shopify-Access-Token header on all API queries. Using Shopify’s supported client libraries can simplify this process.
To keep the platform secure, apps need to request specific access scopes during the install process. Only request as much data access as your app needs to work.
Learn more about getting started with authentication and building apps.
Admin REST API endpoints are organized by resource type. You’ll need to use different endpoints depending on your app’s requirements.
All Admin REST API endpoints follow this pattern:
https://{store_name}.myshopify.com/admin/api/2026-01/{resource}.json
Create a new product.
This example illustrates how to create a new product using the Product resource and the /admin/api/2026-01/products.json endpoint. Replace {store_name} with your store’s domain and {access_token} with the access token you generated in the Authentication section.
Retrieve a single product.
This example illustrates how to retrieve information for a single product using the Product resource and the admin/api/2026-01/products/{product_id}.json endpoint. Replace {store_name} with your store’s domain and {access_token} with the access token you generated in the Authentication section.
Update a product.
This example illustrates how to update a product using the Product resource and the admin/api/2026-01/products/{product_id}.json endpoint. Replace {store_name} with your store’s domain and {access_token} with the access token you generated in the Authentication section.
Delete a product.
This example illustrates how to delete a product using the Product resource and the admin/api/2026-01/products/{product_id}.json endpoint. Replace {store_name} with your store’s domain and {access_token} with the access token you generated in the Authentication section.
The REST Admin API supports a limit of 40 requests per app per store per minute. This allotment replenishes at a rate of 2 requests per second. The rate limit is increased by a factor of 10 for Shopify Plus stores.
REST Admin API supports a limit of 40 requests per app per store per minute.
Past the limit, the API will return a 429 Too Many Requests error.
All REST API responses include the X-Shopify-Shop-Api-Call-Limit header, which shows how many requests the client has made, and the total number allowed per minute.
A 429 response will also include a Retry-After header with the number of seconds to wait until retrying your query.
Learn more about rate limits.
All API queries return HTTP status codes that can tell you more about the response.
The client doesn’t have correct authentication credentials.
The shop is frozen. The shop owner will need to pay the outstanding balance to unfreeze the shop.
The server is refusing to respond. This is typically caused by incorrect access scopes.
The requested resource was not found but could be available again in the future.
The request body contains semantic errors. This is typically caused by incorrect formatting, omitting required fields, or logical errors such as initiating a checkout for an out-of-stock product.
The client has exceeded the rate limit.
An internal error occurred in Shopify. Check out the Shopify status page for more information.
Didn’t find the status code you’re looking for?