seka19 / basic-shopify-api
A basic Shopify API wrapper with REST and GraphQL support.
Requires
- php: >=7.1.0
- guzzlehttp/guzzle: ^6.3
- guzzlehttp/promises: ^1.3
- psr/log: ^1.1
Requires (Dev)
- phpdocumentor/phpdocumentor: 2.*
- phpunit/phpunit: ^6.2
- squizlabs/php_codesniffer: ^3.0
- dev-fix-logging
- v8.2.0
- v8.1.0
- v8.0.0
- v7.0.0
- v6.2.0
- v6.1.6
- v6.1.5
- v6.1.4
- v6.1.3
- v6.1.2
- v6.1.1
- v6.1.0
- v6.0.0
- v5.4.0
- v5.3.3
- v5.3.2
- v5.3.1
- v5.3.0
- v5.1.0
- v5.0.0
- v4.0.2
- v4.0.1
- v4.0.0
- v3.0.3
- v3.0.2
- v3.0.1
- v3.0.0
- v2.0.0
- v1.0.1
- v1.0.0
- dev-develop
- dev-fix-request-verification-2
- dev-master
- dev-fix-request-verification
- dev-rewrite
This package is auto-updated.
Last update: 2025-03-10 20:14:03 UTC
README
A simple, tested, API wrapper for Shopify using Guzzle. It supports both the REST and GraphQL API provided by Shopify, and basic rate limiting abilities. It contains helpful methods for generating a installation URL, an authorize URL (offline and per-user), HMAC signature validation, call limits, and API requests. It works with both OAuth and private API apps.
Also supported: asynchronous requests through Guzzle's promises.
This library required PHP >= 7.
Table of Contents
- Installation
- Usage
- Documentation
- LICENSE
Installation
The recommended way to install is through composer.
$ composer require ohmybrew/basic-shopify-api
Usage
Add use OhMyBrew\BasicShopifyAPI; to your imports.
Public API
This assumes you properly have your app setup in the partner's dashboard with the correct keys and redirect URIs.
REST (sync)
For REST calls, the shop domain and access token are required.
$api = new BasicShopifyAPI(); $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" $api->setShop('your shop here'); $api->setAccessToken('your token here'); // Now run your requests... $resul = $api->rest(...);
REST (async)
For REST calls, the shop domain and access token are required.
$api = new BasicShopifyAPI(); $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" $api->setShop('your shop here'); $api->setAccessToken('your token here'); // Now run your requests... $promise = $api->restAsync(...); $promise->then(function ($result) { // ... });
GraphQL
For GraphQL calls, the shop domain and access token are required.
$api = new BasicShopifyAPI(); $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" $api->setShop('your shop here'); $api->setAccessToken('your token here'); // Now run your requests... $api->graph(...);
Getting access (offline)
This is the default mode which returns a permanent token.
After obtaining the user's shop domain, to then direct them to the auth screen use getAuthUrl, as example (basic PHP):
$api = new BasicShopifyAPI(); $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" $api->setShop($_SESSION['shop']); $api->setApiKey(env('SHOPIFY_API_KEY')); $api->setApiSecret(env('SHOPIFY_API_SECRET')); $code = $_GET['code']; if (!$code) { /** * No code, send user to authorize screen * Pass your scopes as an array for the first argument * Pass your redirect URI as the second argument */ $redirect = $api->getAuthUrl(env('SHOPIFY_API_SCOPES'), env('SHOPIFY_API_REDIRECT_URI')); header("Location: {$redirect}"); exit; } else { // We now have a code, lets grab the access token $api->requestAndSetAccess($code); // Above is equiv. to: // // $access = $api->requestAccess($code); // $api->setAccessToken($access->access_token); // // You can use: $api->getAccessToken() and set it into the database or a cookie, etc // You can now make API callsn` $request = $api->rest('GET', '/admin/shop.json'); // or GraphQL }
Getting access (per-user)
You can also change the grant mode to be per-user as outlined in Shopify documentation. This will receieve user info from the user of the app within the Shopify store. The token recieved will expire at a specific time.
$api = new BasicShopifyAPI(); $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" $api->setShop($_SESSION['shop']); $api->setApiKey(env('SHOPIFY_API_KEY')); $api->setApiSecret(env('SHOPIFY_API_SECRET')); $code = $_GET['code']; if (!$code) { /** * No code, send user to authorize screen * Pass your scopes as an array for the first argument * Pass your redirect URI as the second argument * Pass your grant mode as the third argument */ $redirect = $api->getAuthUrl(env('SHOPIFY_API_SCOPES'), env('SHOPIFY_API_REDIRECT_URI'), 'per-user'); header("Location: {$redirect}"); exit; } else { // We now have a code, lets grab the access object $api->requestAndSetAccess($code); // Above is equiv. to: // // $access = $api->requestAccess($code); // $api->setAccessToken($access->access_token); // $api->setUser($access->associated_user) // // You can use: $api->getAccessToken() and set it into a cookie, etc // You can also get user details with: $api->getUser(), example: $api->getUser()->email // You can now make API calls $request = $api->rest('GET', '/admin/shop.json'); // or GraphQL }
Verifying HMAC signature
Simply pass in an array of GET params.
// Will return true or false if HMAC signature is good. $valid = $api->verifyRequest($_GET);
Private API
This assumes you properly have your app setup in the partner's dashboard with the correct keys and redirect URIs.
REST
For REST (sync) calls, shop domain, API key, and API password are request
$api = new BasicShopifyAPI(true); // true sets it to private $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" $api->setShop('example.myshopify.com'); $api->setApiKey('your key here'); $api->setApiPassword('your password here'); // Now run your requests... $result = $api->rest(...);
GraphQL
For GraphQL calls, shop domain and API password are required.
$api = new BasicShopifyAPI(true); // true sets it to private $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" $api->setShop('example.myshopify.com'); $api->setApiPassword('your password here'); // Now run your requests... $api->graph(...);
Making requests
REST
Requests are made using Guzzle.
$api->rest(string $type, string $path, array $params = null, array $headers = [], bool $sync = true);
typerefers to GET, POST, PUT, DELETE, etcpathrefers to the API path, example:/admin/products/1920902.jsonparamsrefers to an array of params you wish to pass to the path, examples:['handle' => 'cool-coat']headersrefers to an array of custom headers you would like to optionally send with the request, example:['X-Shopify-Test' => '123']syncrefers to if the request should be synchronous or asynchronous.
You can use the alias restAsync to skip setting sync to false.
If sync is true (regular rest call):
The return value for the request will be an object containing:
responsethe full Guzzle response objectbodythe JSON decoded response body
Note: request() will alias to rest() as well.
If sync is false (restAsync call):
The return value for the request will be a Guzzle promise which you can handle on your own.
The return value for the promise will be an object containing:
responsethe full Guzzle response objectbodythe JSON decoded response body
$promise = $api->restAsync(...); $promise->then(function ($result) { // `response` and `body` available in `$result`. });
GraphQL
Requests are made using Guzzle.
$api->graph(string $query, array $variables = []);
queryrefers to the full GraphQL queryvariablesrefers to the variables used for the query (if any)
The return value for the request will be an object containing:
responsethe full Guzzle response objectbodythe JSON decoded response bodyerrorsif there was errors or not
Example query:
$result = $api->graph('{ shop { productz(first: 1) { edges { node { handle, id } } } } }'); echo $result->body->shop->products->edges[0]->node->handle; // test-product
Example mutation:
$result = $api->graph( 'mutation collectionCreate($input: CollectionInput!) { collectionCreate(input: $input) { userErrors { field message } collection { id } } }', ['input' => ['title' => 'Test Collection']] ); echo $result->body->collectionCreate->collection->id; // gid://shopify/Collection/63171592234
API Versioning
This library supports versioning the requests, example:
$api = new BasicShopifyAPI(true); $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" // ... your code
You can override the versioning at anytime for specific API requests, example:
$api = new BasicShopifyAPI(true); $api->setVersion('2019-04'); $api->rest('GET', '/admin/api/unstable/shop.json'); // Will ignore "2019-04" version and use "unstable" for this request // ... your code
Checking API limits
After each request is made, the API call limits are updated. To access them, simply use:
// Returns an array of left, made, and limit. // Example: ['left' => 79, 'made' => 1, 'limit' => 80] $limits = $api->getApiCalls('rest'); // or 'graph'
For GraphQL, additionally there will be the following values: restoreRate, requestedCost, actualCost.
To quickly get a value, you may pass an optional parameter to the getApiCalls method:
// As example, this will return 79 // You may pass 'left', 'made', or 'limit' $left = $api->getApiCalls('graph', 'left'); // returns 79 // or $left = $api->getApiCalls('graph')['left']; // returns 79
Rate Limiting
This library comes with a built-in basic rate limiter, disabled by default. It will sleep for x microseconds to ensure you do not go over the limit for calls with Shopify. On non-Plus plans, you get 1 call every 500ms (2 calls a second), for Plus plans you get 2 calls every 500ms (4 calls a second).
By default the cycle is set to 500ms, with a buffer for safety of 100ms added on.
Enable Rate Limiting
Setup your API instance as normal, with an added:
$api->enableRateLimiting();
This will turn on rate limiting with the default 500ms cycle and 100ms buffer. To change this, do the following:
$api->enableRateLimiting(0.25 * 1000, 0);
This will set the cycle to 250ms and 0ms buffer.
Disabiling Rate Limiting
If you've previously enabled it, you simply need to run:
$api->disableRateLimiting();
Checking Rate Limiting Status
$api->isRateLimitingEnabled();
page_info / pagination Support
2019-07 API version introduced a new Link header which is used for pagination (explained here).
If an endpoint supports page_info, you can use $response->link to grab the page_info value to pass in your next request.
Example:
$response = $api->rest('GET', '/admin/products.json', ['limit' => 5]); $link = $response->link->next; // eyJsYXN0X2lkIjo0MDkw $link2 = $response->link->previous; // dkUIsk00wlskWKl $response = $api->rest('GET', '/admin/products.json', ['limit' => 5, 'page_info' => $link]);
Getting Timestamps
The library will track timestamps from the previous and current (last) call. To see information on this:
$response = $api->rest('POST', '/admin/gift_cards.json', ['gift_cards' => ['initial_value' => 25.00]]); print_r($response->timestamps); /* Above will return an array of [previous call, current (last) call], example: * [1541119962.965, 1541119963.3121] */
Isolated API calls
You can initialize the API once and use it for multiple shops. Each instance will be contained to not pollute the others. This is useful for something like background job processing.
$api->withSession(string $shop, string $accessToken, Closure $closure);
shoprefers to the Shopify domainaccessTokenrefers to the access token for the API callsclosurerefers to the closure to call for the session
$this will be binded to the current API. Example:
$api = new BasicShopifyAPI(true); $api->setVersion('2019-04'); // "YYYY-MM" or "unstable" $api->setApiKey('your key here'); $api->setApiPassword('your password here'); $api->withSession('some-shop.myshopify.com', 'token from database?', function() { $request = $this->rest('GET', '/admin/shop.json'); echo $request->body->shop->name; // Some Shop }); $api->withSession('some-shop-two.myshopify.com', 'token from database?', function() { $request = $this->rest('GET', '/admin/shop.json'); echo $request->body->shop->name; // Some Shop Two });
Errors
This library internally catches only 400-500 status range errors through Guzzle. You're able to check for an error of this type and get its response status code and body.
$call = $api->rest('GET', '/admin/non-existant-route-or-object.json'); if ($call->errors) { echo "Oops! {$call->status} error"; var_dump($call->body); // Original exception can be accessed via `$call->exception` // Example, if response body was `{"error": "Not found"}`... /// then: `$call->body` would return "Not Found" }
Logging
This library accepts a PSR-compatible logger.
$api->setLogger(... your logger instance ...);
Documentation
Code documentation is available here from phpDocumentor via phpdoc -d src -t doc.
LICENSE
This project is released under the MIT license.