shopify_api 9.1.0 → 9.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 804a52526373349e4da9f5249ff582dd1db990d90d7c5fad2e8d9b583e2f6aec
4
- data.tar.gz: bbb77f50eb52c41e5bfed274031a35c1547a0c583880329410e7c27c647fa15b
3
+ metadata.gz: a94054d46eddff2f1542b29cdeb98059af5f8adc0ebab2fd939e259ebb588628
4
+ data.tar.gz: b7d1470c47d874830906011300bffcd97246265155422428f3e184464e3ab445
5
5
  SHA512:
6
- metadata.gz: 861c10b52c476d337c0e67e07e60275953af8e2bc33ac3f7e5aa95b1855af38f01b1b0d98c27d7a84f004f31781bd09a3cbb2296e0e16c1a49fd5b444e73424c
7
- data.tar.gz: af892a01443315e9091723538fa0b6010d4fe3807f9171e5818c3b778c2b6b4296a0326f77aa9483fceb9e2fd5a4ff59bdaa9fc8867415ada92a05648a46ebfd
6
+ metadata.gz: b179614f42123291a7bdbd1ae7c44a419c4a2da0450f466e9838d720336c831d3dae016aa9226a40f3feb473cb3063644cf5730368e68c5f783b50c437194444
7
+ data.tar.gz: 3297f930e52fcc0caacc401e79a1be77c2b7c785d15df9e4a2ca6cca3899d170a765901a08a2a76fd4da9375fa8dad2976ef80d87afb52209101c016b31d66ce
data/.gitignore CHANGED
@@ -11,3 +11,5 @@ pkg
11
11
  .dev/
12
12
  .bundle/
13
13
  vendor/
14
+ _site/
15
+ docs/.jekyll-cache/
@@ -1,9 +1,10 @@
1
1
  language: ruby
2
2
 
3
3
  rvm:
4
- - 2.4.6
5
- - 2.5.5
6
- - 2.6.2
4
+ - 2.4
5
+ - 2.5
6
+ - 2.6
7
+ - 2.7
7
8
 
8
9
  gemfile:
9
10
  - Gemfile_ar41
@@ -13,10 +14,15 @@ gemfile:
13
14
 
14
15
  matrix:
15
16
  fast_finish: true
17
+ exclude:
18
+ - rvm: 2.7
19
+ gemfile: Gemfile_ar41
16
20
  allow_failures:
17
- - rvm: 2.4.6
21
+ - rvm: 2.4
18
22
  gemfile: Gemfile_ar_master
19
- - rvm: 2.5.5
23
+ - rvm: 2.5
20
24
  gemfile: Gemfile_ar_master
21
- - rvm: 2.6.2
25
+ - rvm: 2.6
26
+ gemfile: Gemfile_ar_master
27
+ - rvm: 2.7
22
28
  gemfile: Gemfile_ar_master
@@ -1,3 +1,11 @@
1
+ ## Version 9.2.0
2
+
3
+ * Removes the `shopify` binary which will be used by the Shopify CLI
4
+
5
+ ## Version 9.1.1
6
+
7
+ * Make cursor based pagination return relative uri's when fetching next and previous pages. [#726](https://github.com/Shopify/shopify_api/pull/726)
8
+
1
9
  ## Version 9.1.0
2
10
 
3
11
  * Implements equality operator on `Session` [#714](https://github.com/Shopify/shopify_api/pull/714)
@@ -3,6 +3,6 @@ Submitting Issues
3
3
 
4
4
  Please open an issue here if you encounter a specific bug with this API client library or if something is documented here https://docs.shopify.com/api but is missing from this package.
5
5
 
6
- General questions about the Shopify API and usage of this package (not neccessarily a bug) should be posted on the [Shopify forums](https://ecommerce.shopify.com/c/shopify-apis-and-technology).
6
+ General questions about the Shopify API and usage of this package (not necessarily a bug) should be posted on the [Shopify forums](https://ecommerce.shopify.com/c/shopify-apis-and-technology).
7
7
 
8
8
  When in doubt, post on the forum first. You'll likely have your questions answered more quickly if you post there; more people monitor the forum than Github.
data/Gemfile CHANGED
@@ -3,3 +3,7 @@ source "https://rubygems.org"
3
3
  gemspec
4
4
 
5
5
  gem "activeresource", "~> 5.1"
6
+
7
+ group :docs, optional: true do
8
+ gem "jekyll"
9
+ end
data/README.md CHANGED
@@ -104,7 +104,7 @@ For a private App you just need to set the base site url as follows:
104
104
  ```ruby
105
105
  shop_url = "https://#{API_KEY}:#{PASSWORD}@#{SHOP_NAME}.myshopify.com"
106
106
  ShopifyAPI::Base.site = shop_url
107
- ShopifyAPI::Base.api_version = '<version_name>' # find the latest stable api_version [here](https://shopify.dev/concepts/about-apis/versioning)
107
+ ShopifyAPI::Base.api_version = '<version_name>' # find the latest stable api_version here: https://shopify.dev/concepts/about-apis/versioning
108
108
  ```
109
109
 
110
110
  That's it; you're done! Next, skip to step 6 and start using the API!
data/Rakefile CHANGED
@@ -21,7 +21,14 @@ rescue LoadError
21
21
  end
22
22
  end
23
23
 
24
- task :default => :test
24
+ task :default => [:test, :verify_docs]
25
+
26
+ require 'verify_docs'
27
+ task :verify_docs do
28
+ unless VerifyDocs.call
29
+ abort("\nWARNING: docs/index.md and README.md no longer have identical content. Please correct this.")
30
+ end
31
+ end
25
32
 
26
33
  require 'rdoc/task'
27
34
  Rake::RDocTask.new do |rdoc|
@@ -0,0 +1,59 @@
1
+ # Security Policy
2
+
3
+ ## Supported versions
4
+
5
+ ### New features
6
+
7
+ New features will only be added to the master branch and will not be made available in point releases.
8
+
9
+ ### Bug fixes
10
+
11
+ Only the latest release series will receive bug fixes. When enough bugs are fixed and its deemed worthy to release a new gem, this is the branch it happens from.
12
+
13
+ ### Security issues
14
+
15
+ Only the latest release series will receive patches and new versions in case of a security issue.
16
+
17
+ ### Severe security issues
18
+
19
+ For severe security issues we will provide new versions as above, and also the last major release series will receive patches and new versions. The classification of the security issue is judged by the core team.
20
+
21
+ ### Unsupported Release Series
22
+
23
+ When a release series is no longer supported, it's your own responsibility to deal with bugs and security issues. If you are not comfortable maintaining your own versions, you should upgrade to a supported version.
24
+
25
+ ## Reporting a bug
26
+
27
+ All security bugs in shopify repositories should be reported to [our hackerone program](https://hackerone.com/shopify)
28
+ Shopify's whitehat program is our way to reward security researchers for finding serious security vulnerabilities in the In Scope properties listed at the bottom of this page, including our core application (all functionality associated with a Shopify store, particularly your-store.myshopify.com/admin) and certain ancillary applications.
29
+
30
+ ## Disclosure Policy
31
+
32
+ We look forward to working with all security researchers and strive to be respectful, always assume the best and treat others as peers. We expect the same in return from all participants. To achieve this, our team strives to:
33
+
34
+ - Reply to all reports within one business day and triage within two business days (if applicable)
35
+ - Be as transparent as possible, answering all inquires about our report decisions and adding hackers to duplicate HackerOne reports
36
+ - Award bounties within a week of resolution (excluding extenuating circumstances)
37
+ - Only close reports as N/A when the issue reported is included in Known Issues, Ineligible Vulnerabilities Types or lacks evidence of a vulnerability
38
+
39
+ **The following rules must be followed in order for any rewards to be paid:**
40
+
41
+ - You may only test against shops you have created which include your HackerOne YOURHANDLE @ wearehackerone.com registered email address.
42
+ - You must not attempt to gain access to, or interact with, any shops other than those created by you.
43
+ - The use of commercial scanners is prohibited (e.g., Nessus).
44
+ - Rules for reporting must be followed.
45
+ - Do not disclose any issues publicly before they have been resolved.
46
+ - Shopify reserves the right to modify the rules for this program or deem any submissions invalid at any time. Shopify may cancel the whitehat program without notice at any time.
47
+ - Contacting Shopify Support over chat, email or phone about your HackerOne report is not allowed. We may disqualify you from receiving a reward, or from participating in the program altogether.
48
+ - You are not an employee of Shopify; employees should report bugs to the internal bug bounty program.
49
+ - You hereby represent, warrant and covenant that any content you submit to Shopify is an original work of authorship and that you are legally entitled to grant the rights and privileges conveyed by these terms. You further represent, warrant and covenant that the consent of no other person or entity is or will be necessary for Shopify to use the submitted content.
50
+ - By submitting content to Shopify, you irrevocably waive all moral rights which you may have in the content.
51
+ - All content submitted by you to Shopify under this program is licensed under the MIT License.
52
+ - You must report any discovered vulnerability to Shopify as soon as you have validated the vulnerability.
53
+ - Failure to follow any of the foregoing rules will disqualify you from participating in this program.
54
+
55
+ ** Please see our [Hackerone Profile](https://hackerone.com/shopify) for full details
56
+
57
+ ## Receiving Security Updates
58
+
59
+ To recieve all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)
@@ -0,0 +1 @@
1
+ markdown: kramdown
@@ -0,0 +1,28 @@
1
+ <meta charset="utf-8">
2
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
3
+
4
+ <title>Shopify Open Source > {{ site.github.project_title }}</title>
5
+
6
+ {% if page.description %}
7
+ <meta name="description" content="{{ site.github.project_tagline }}">
8
+ {% endif %}
9
+
10
+ <link rel="canonical" href="http://shopify.github.io">
11
+
12
+ <meta name="robots" content="index, follow">
13
+ <meta name="st:robots" content="index, follow">
14
+
15
+ <meta name="viewport" content="width=device-width, initial-scale=1">
16
+
17
+ <meta property='st:title' content="Shopify Open Source > {{ site.github.project_title }}">
18
+
19
+ <link rel="shortcut icon" href="//cdn.shopify.com/assets/favicon.ico" type="image/x-icon">
20
+
21
+ <link href="//shopify.github.io/css/sub.css" rel="stylesheet" type="text/css">
22
+ <!--[if lt IE 9]>
23
+ <link href="http://shopify.github.io/css/subie.css" rel="stylesheet" type="text/css">
24
+ <![endif]-->
25
+
26
+ <!--[if IE]>
27
+ <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
28
+ <![endif]-->
@@ -0,0 +1,28 @@
1
+ <meta charset="utf-8">
2
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
3
+
4
+ <title>Shopify Open Source > {{ site.github.project_title }}</title>
5
+
6
+ {% if page.description %}
7
+ <meta name="description" content="{{ site.github.project_tagline }}">
8
+ {% endif %}
9
+
10
+ <link rel="canonical" href="http://shopify.github.io">
11
+
12
+ <meta name="robots" content="index, follow">
13
+ <meta name="st:robots" content="index, follow">
14
+
15
+ <meta name="viewport" content="width=device-width, initial-scale=1">
16
+
17
+ <meta property='st:title' content="Shopify Open Source > {{ site.github.project_title }}">
18
+
19
+ <link rel="shortcut icon" href="//cdn.shopify.com/assets/favicon.ico" type="image/x-icon">
20
+
21
+ <link href="//shopify.github.io/css/sub.css" rel="stylesheet" type="text/css">
22
+ <!--[if lt IE 9]>
23
+ <link href="http://shopify.github.io/css/subie.css" rel="stylesheet" type="text/css">
24
+ <![endif]-->
25
+
26
+ <!--[if IE]>
27
+ <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
28
+ <![endif]-->
@@ -0,0 +1,57 @@
1
+ <!doctype html>
2
+ <!--[if IE 8]><html class="no-js lt-ie9" lang="en"> <![endif]-->
3
+ <!--[if IE 9 ]><html class="ie9 no-js"> <![endif]-->
4
+ <!--[if (gt IE 9)|!(IE)]><!--> <html class="no-js"> <!--<![endif]-->
5
+ <head>
6
+ {% include head.html %}
7
+ </head>
8
+ <body>
9
+ <div class="hero">
10
+ <div class="hero-lines"></div>
11
+ <header class="hero-header">
12
+ <div class="pagewidth">
13
+ <div class="logo--ie">
14
+ <img src="http://shopify.github.io/images/shopify-open-source-sub.svg" alt="Shopify Open Source" class="logo">
15
+ <span class="breadcrumb"><a href="http://shopify.github.io">Open Source</a> > {{ site.github.project_title }}</span>
16
+ </div>
17
+ <div class="repo-lang {{ site.github.language | downcase }}">
18
+ {{ site.github.language }}
19
+ </div>
20
+ </div>
21
+ </header>
22
+ <div class="pagewidth">
23
+ <div class="hero-inner">
24
+ <h1 class="hero-logo">{{ site.github.project_title }}</h1>
25
+ <h2 class="hero-text">{{ site.github.project_tagline }}</h2>
26
+ <div class="cta-buttons">
27
+ <a href="{{ site.github.zip_url }}" class="float">Download ZIP</a>
28
+ <a href="{{ site.github.repository_url }}" class="float github">
29
+ Github Repo
30
+ <i class="icon-star" title="Stars"></i> <span id="starCount"></span>
31
+ <i class="icon-forks" title="Forks"></i> <span id="forkCount"></span>
32
+ </a>
33
+ </div>
34
+ </div>
35
+ </div>
36
+ </div>
37
+
38
+ <div class="documentation">
39
+ <div class="pagewidth">
40
+
41
+ {{ content }}
42
+
43
+ </div>
44
+ </div>
45
+ {% include footer.html %}
46
+
47
+ <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
48
+ <script src="//shopify.github.io/javascripts/sub.js"></script>
49
+ <script>
50
+ jQuery(function($) {
51
+ shopifyOpenSource.init({
52
+ repo_name: '{{ site.github.repository_nwo }}'
53
+ });
54
+ });
55
+ </script>
56
+ </body>
57
+ </html>
@@ -147,6 +147,51 @@ during your boot process.
147
147
  The goal is to have all clients created at boot so there's no schema loading,
148
148
  parsing, or client instantiation done during runtime when your app serves a request.
149
149
 
150
+
151
+ ## Using a custom GraphQL Client
152
+ By default `ShopifyAPI::GraphQL` wraps the Github GraphQL Client library. However, this client
153
+ may not suitable for various reasons. If you wish to expand on the interface of the client or
154
+ improve the required functions for your use case you can implement a client of your own.
155
+
156
+ To use a custom GraphQL Client:
157
+ ```
158
+ class CustomGraphQLClient < ::GraphQL::Client
159
+ end
160
+
161
+ ShopifyAPI::GraphQL.graphql_client = CustomGraphQLClient
162
+ ```
163
+
164
+
165
+ ## Using a custom query execution adapter
166
+ Github's GraphQL Client uses an adapter pattern so that you can define how you interact
167
+ with GraphQL API's. Shopify provides a minimal implementation in `ShopifyAPI::GraphQL::HTTPClient`.
168
+ If you need to add additional functionality pre, during or post query execution you can
169
+ consider implementing these within a custom query execution adapter, inheriting from
170
+ `ShopifyAPI::GraphQL::HTTPClient` which provides the necessary implementation for
171
+ headers, url, and api versions
172
+
173
+
174
+ To set a custom query executiona dapter set `ShopifyAPI::GraphQL.execution_adapter` to your client:
175
+ ```ruby
176
+ class RaisingHTTPClient < ShopifyAPI::GraphQL::HTTPClient
177
+ def execute(document:, operation_name: nil, variables: {}, context: {})
178
+ result = super
179
+ do_work(result)
180
+ end
181
+
182
+ private
183
+
184
+ def do_work(result)
185
+ result
186
+ end
187
+ end
188
+
189
+ ShopifyAPI::GraphQL.execution_adapter = RaisingHTTPClient
190
+ ```
191
+
192
+ Note, the execution adapter has `client` in the name. This is to remain consistent with
193
+ the naming conventions within the Github GraphQL Client library.
194
+
150
195
  ## Migration guide
151
196
  Prior to shopify_api v9.0 the GraphQL client implementation was limited and almost
152
197
  unusable due to the client making dynamic introspection queries to Shopify's API.
@@ -193,4 +238,4 @@ result = client.query(SHOP_NAME_QUERY)
193
238
  result.data.shop.name
194
239
  ```
195
240
 
196
- See [making queries](#making-queries) for more usage details.
241
+ See [make queries](#make-queries) for more usage details.
@@ -0,0 +1,639 @@
1
+ ---
2
+ layout: index
3
+ ---
4
+
5
+ [![Version][gem]][gem_url] [![Build Status](https://travis-ci.org/Shopify/shopify_api.svg?branch=master)](https://travis-ci.org/Shopify/shopify_api)
6
+
7
+ [gem]: https://img.shields.io/gem/v/shopify_api.svg
8
+ [gem_url]: https://rubygems.org/gems/shopify_api
9
+
10
+ The Shopify API gem allows Ruby developers to access the admin section of Shopify stores programmatically.
11
+
12
+ The best way to consume the Shopify API is through GraphQL, which enables high volume mutations, bulk operations, and access to all new features.
13
+
14
+ The REST API is implemented as JSON over HTTP using all four verbs (GET/POST/PUT/DELETE). Each resource, like Order, Product, or Collection, has a distinct URL and is manipulated in isolation. In other words, we’ve tried to make the API follow the REST principles as much as possible.
15
+
16
+ - [Shopify API](#shopify-api)
17
+ - [Usage](#usage)
18
+ * [Requirements](#requirements)
19
+ + [Ruby version](#ruby-version)
20
+ * [Installation](#installation)
21
+ * [Getting Started](#getting-started)
22
+ + [1) Create an app](#1-create-an-app)
23
+ + [2A) Private Apps](#2a-private-apps)
24
+ + [2B) Public and Custom Apps](#2b-public-and-custom-apps)
25
+ + [3) Requesting access from a shop](#3-requesting-access-from-a-shop)
26
+ + [4) Trading your `code` for an access token.](#4-trading-your--code--for-an-access-token)
27
+ + [5) Activating the session](#5-activating-the-session)
28
+ + [6A) Making requests to the GraphQL API](#6a-making-requests-to-the-graphql-api)
29
+ + [6B) Making requests to the REST API](#6b-making-requests-to-the-rest-api)
30
+ * [Console](#console)
31
+ * [Thread safety](#thread-safety)
32
+ * [Bulk Operations](#bulk-operations)
33
+ + [Example](#example)
34
+ - [1) Start the bulk operation](#1-start-the-bulk-operation)
35
+ - [2) Poll the status of the bulk operation](#2-poll-the-status-of-the-bulk-operation)
36
+ - [3) Retrieve your data](#3-retrieve-your-data)
37
+ * [Pagination](#pagination)
38
+ - [Breaking Change Notices](#breaking-change-notices)
39
+ * [Breaking change notice for version 8.0.0](#breaking-change-notice-for-version-800)
40
+ * [Breaking change notice for version 7.0.0](#breaking-change-notice-for-version-700)
41
+ + [Changes to ShopifyAPI::Session](#changes-to-shopifyapi--session)
42
+ + [Changes to how to define resources](#changes-to-how-to-define-resources)
43
+ + [URL construction](#url-construction)
44
+ + [URLs that have not changed](#urls-that-have-not-changed)
45
+ - [Using Development Version](#using-development-version)
46
+ - [Additional Resources](#additional-resources)
47
+ - [Copyright](#copyright)
48
+
49
+ # Usage
50
+
51
+ ## Requirements
52
+
53
+ All API usage happens through Shopify applications, created by either shop owners for their shops, or by Shopify Partners for use by other shop owners:
54
+
55
+ * Shop owners can create applications for themselves through their admin: https://shopify.dev/tutorials/authenticate-a-private-app-with-shopify-admin#generate-private-app-credentials
56
+ * Shopify Partners create applications through their admin: http://app.shopify.com/services/partners
57
+
58
+ For more information and detailed documentation about the API visit https://developers.shopify.com/
59
+
60
+ ### Ruby version
61
+
62
+ This gem requires Ruby 2.4 as of version 7.0.
63
+
64
+ ## Installation
65
+
66
+ Add `shopify_api` to your `Gemfile`:
67
+
68
+ ```ruby
69
+ gem 'shopify_api'
70
+ ```
71
+
72
+ Or install via [gem](http://rubygems.org/)
73
+
74
+ ```bash
75
+ gem install shopify_api
76
+ ```
77
+
78
+ Once the gem is installed, it must be added to your project by placing the following line in your app :
79
+
80
+ ```ruby
81
+ require 'shopify_api'
82
+ ```
83
+
84
+ ## Getting Started
85
+
86
+ ShopifyAPI sessions need to be configured with a fully authorized URL of a particular store before they can start making API calls. To obtain that URL, you can follow these steps:
87
+
88
+ ### 1) Create an app
89
+
90
+ First, create a new application in either the partners admin or your store admin.
91
+
92
+ **Private apps** are used for merchant-owned scripts and apps that run silently in the background on a single shop. Private apps aren't able to render any content in the admin. Private apps are created through the store admin.
93
+
94
+ **Custom apps** are also used for a single shop, but they have access to [app extensions](https://shopify.dev/docs/app-extensions) that allow the app to render content in the admin and are managed and created through the partners dashboard.
95
+
96
+ **Public apps** can be installed on many stores, and can be added to the Shopify App Store to generate revenue for the developer.
97
+
98
+ For a private app, you'll need the API_KEY and the PASSWORD; otherwise, you'll need the API_KEY and SHARED_SECRET.
99
+
100
+ If you're not sure how to create a new application in the partner admin, visit the [tutorial in our documentation](https://shopify.dev/tutorials/authenticate-a-public-app-with-oauth#generate-credentials-from-your-partner-dashboard). For the instructions on generating a private app, visit the [tutorial on generating private credentials](https://shopify.dev/tutorials/authenticate-a-private-app-with-shopify-admin#generate-credentials-from-the-shopify-admin)
101
+
102
+ ### 2A) Private Apps
103
+
104
+ For a private App you just need to set the base site url as follows:
105
+
106
+ ```ruby
107
+ shop_url = "https://#{API_KEY}:#{PASSWORD}@#{SHOP_NAME}.myshopify.com"
108
+ ShopifyAPI::Base.site = shop_url
109
+ ShopifyAPI::Base.api_version = '<version_name>' # find the latest stable api_version here: https://shopify.dev/concepts/about-apis/versioning
110
+ ```
111
+
112
+ That's it; you're done! Next, skip to step 6 and start using the API!
113
+
114
+ ### 2B) Public and Custom Apps
115
+
116
+ For public and custom apps, you will need to supply two parameters to the Session class before you instantiate it:
117
+
118
+ ```ruby
119
+ ShopifyAPI::Session.setup(api_key: API_KEY, secret: SHARED_SECRET)
120
+ ```
121
+
122
+ Shopify maintains [`omniauth-shopify-oauth2`](https://github.com/Shopify/omniauth-shopify-oauth2), which simplifies and securely wraps the OAuth flow and interactions with Shopify. Using this gem is the recommended way to use OAuth authentication in your application.
123
+
124
+ ### 3) Requesting access from a shop
125
+
126
+ Public and Custom apps need an access token from each shop to access that shop's data. Getting an access token is a two-stage process. The first stage is to redirect the merchant to a **permission URL** to grant access to the app.
127
+
128
+ We've added the `create_permission_url` method to make this easier :
129
+
130
+ ```ruby
131
+ # We need to instantiate the session object before using it
132
+ shopify_session = ShopifyAPI::Session.new(domain: "SHOP_NAME.myshopify.com", api_version: api_version, token: nil)
133
+
134
+ # Then, create a permission URL with the session
135
+ permission_url = shopify_session.create_permission_url(scope, "https://my_redirect_uri.com", { state: "My Nonce" })
136
+ ```
137
+
138
+ After creating the permission URL, the user should be directed to this URL to approve the app.
139
+
140
+ Under the hood, the `create_permission_url` method is preparing the app to make the following request :
141
+
142
+ ```
143
+ GET https://SHOP_NAME.myshopify.com/admin/oauth/authorize
144
+ ```
145
+
146
+ with the following parameters:
147
+
148
+ * ``client_id`` – Required – The API key for your app
149
+ * ``scope`` – Required – The list of required scopes (explained here: https://shopify.dev/tutorials/authenticate-with-oauth#scopes)
150
+ * ``redirect_uri`` – Required – The URL where you want to redirect the users after they authorize the client. The complete URL specified here must be identical to one of the Application Redirect URLs set in the app's section of the Partners dashboard.
151
+ * ``state`` – Optional – A randomly selected value provided by your application, which is unique for each authorization request. During the OAuth callback phase, your application must check that this value matches the one you provided during authorization. [This mechanism is essential for the security of your application](https://tools.ietf.org/html/rfc6819#section-3.6).
152
+ * ``grant_options[]`` - Optional - Set this parameter to `per-user` to receive an access token that respects the user's permission level when making API requests (called online access). We strongly recommend using this parameter for embedded apps.
153
+
154
+ ### 4) Trading your `code` for an access token.
155
+
156
+ Once authorized, the shop redirects the owner to the return URL of your application with a parameter named `code`. The value of this parameter is a temporary token that the app can exchange for a permanent access token.
157
+
158
+ Before you proceed, make sure your application performs the following security checks. If any of the checks fail, your application must reject the request with an error, and must not proceed further.
159
+
160
+ 1) Ensure the provided ``state`` is the same one that your application provided to Shopify in the previous step.
161
+ 2) Ensure the provided hmac is valid. The hmac is signed by Shopify, as explained below in the Verification section.
162
+ 3) Ensure the provided hostname parameter is a valid hostname, ends with myshopify.com, and does not contain characters other than letters (a-z), numbers (0-9), dots, and hyphens.
163
+
164
+ If all security checks pass, the authorization code can be exchanged once for a permanent access token. There is a method to make the request and get the token for you. Pass all the params received from the previous call and the method will verify the params, extract the temp code and then request your token:
165
+
166
+ ```ruby
167
+ token = shopify_session.request_token(params)
168
+ ```
169
+
170
+ This method will save the token to the session object and return it. All fields returned by Shopify, other than the access token itself, are stored in the session's `extra` attribute. For a list of all fields returned by Shopify, read [our OAuth documentation](https://shopify.dev/tutorials/authenticate-with-oauth#confirming-installation).
171
+
172
+ If you prefer to exchange the token manually, you can make a POST request to the shop with the following parameters :
173
+
174
+ ```
175
+ POST https://SHOP_NAME.myshopify.com/admin/oauth/access_token
176
+ ```
177
+
178
+ * ``client_id`` – Required – The API key for your app
179
+ * ``client_secret`` – Required – The shared secret for your app
180
+ * ``code`` – Required – The token you received in step 3
181
+
182
+ You'll get your permanent access token back in the response.
183
+
184
+ If you requested an access token that is associated with a specific user, you can retrieve information about this user from the `extra` hash:
185
+
186
+ ```ruby
187
+ # a list of all granted scopes
188
+ granted_scopes = shopify_session.extra['scope']
189
+ # a hash containing the user information
190
+ user = shopify_session.extra['associated_user']
191
+ # the access scopes available to this user, which may be a subset of the access scopes granted to this app.
192
+ active_scopes = shopify_session.extra['associated_user_scope']
193
+ # the time at which this token expires; this is automatically converted from 'expires_in' returned by Shopify
194
+ expires_at = shopify_session.extra['expires_at']
195
+ ```
196
+
197
+ For the security of your application, after retrieving an access token, you must validate the following:
198
+ 1) The list of scopes in `shopify_session.extra['scope']` is the same as you requested.
199
+ 2) If you requested an online-mode access token, `shopify_session.extra['associated_user']` must be present.
200
+ Failing either of these tests means the end-user may have tampered with the URL parameters during the OAuth authentication phase. You should avoid using this access token and revoke it immediately. If you use the [`omniauth-shopify-oauth2`](https://github.com/Shopify/omniauth-shopify-oauth2) gem, these checks are done automatically for you.
201
+
202
+ ### 5) Activating the session
203
+
204
+ Once you have a token, simply pass in the `token` and `extra` hash (optional) when creating the session object:
205
+
206
+ ```ruby
207
+ shopify_session = ShopifyAPI::Session.new(domain: "SHOP_NAME.myshopify.com", token: token, api_version: api_version, extra: extra)
208
+ ```
209
+
210
+ The session must be activated before use:
211
+
212
+ ```ruby
213
+ ShopifyAPI::Base.activate_session(shopify_session)
214
+ ```
215
+
216
+ ### 6A) Making requests to the GraphQL API
217
+
218
+ The GraphQL API is the recommended way to consume the Shopify API. It is more fully-featured than REST, more performant, and future-proof. Whenever possible, GraphQL should be used to consume the Shopify API.
219
+
220
+ ###### Note: the GraphQL client has improved and changed in version 9.0. See the [client documentation](docs/graphql.md) for full usage details and a [migration guide](docs/graphql.md#migration-guide).
221
+
222
+ This library also supports Shopify's [GraphQL Admin API](https://shopify.dev/docs/admin-api/graphql/reference)
223
+ via integration with the [graphql-client](https://github.com/github/graphql-client) gem.
224
+ The authentication process (steps 1-5 under [Getting Started](#getting-started))
225
+ is identical. Once your session is activated, simply access the GraphQL client
226
+ and use `parse` and `query` as defined by
227
+ [graphql-client](https://github.com/github/graphql-client#defining-queries).
228
+
229
+ ```ruby
230
+ client = ShopifyAPI::GraphQL.client
231
+
232
+ SHOP_NAME_QUERY = client.parse <<-'GRAPHQL'
233
+ {
234
+ shop {
235
+ name
236
+ }
237
+ }
238
+ GRAPHQL
239
+
240
+ result = client.query(SHOP_NAME_QUERY)
241
+ result.data.shop.name
242
+ ```
243
+
244
+ [GraphQL client documentation](docs/graphql.md)
245
+
246
+ ### 6B) Making requests to the REST API
247
+
248
+ Responses to REST requests are returned as ActiveResource instances:
249
+
250
+ ```ruby
251
+ shop = ShopifyAPI::Shop.current
252
+
253
+ # Get a specific product
254
+ product = ShopifyAPI::Product.find(179761209)
255
+
256
+ # Create a new product
257
+ new_product = ShopifyAPI::Product.new
258
+ new_product.title = "Burton Custom Freestlye 151"
259
+ new_product.product_type = "Snowboard"
260
+ new_product.vendor = "Burton"
261
+ new_product.save
262
+
263
+ # Update a product
264
+ product.handle = "burton-snowboard"
265
+ product.save
266
+ ```
267
+
268
+ Alternatively, you can use #temp to initialize a Session and execute a command which also handles temporarily setting ActiveResource::Base.site:
269
+
270
+ ```ruby
271
+ products = ShopifyAPI::Session.temp(domain: "SHOP_NAME.myshopify.com", token: token, api_version: api_version) do
272
+ ShopifyAPI::Product.find(:all)
273
+ end
274
+ ```
275
+
276
+ If you would like to run a small number of calls against a different API version you can use this block syntax:
277
+
278
+ ```ruby
279
+ ShopifyAPI::Session.temp(domain: "SHOP_NAME.myshopify.com", token: token, api_version: '2019-04') do
280
+ ShopifyAPI::Product.find(:all) # find call against version `2019-04`
281
+
282
+ ShopifyAPI::Session.with_version(:unstable) do
283
+ ShopifyAPI::Product.find(:all) # find call against version `unstable`
284
+ end
285
+
286
+ ShopifyAPI::Product.find(:all) # find call against version `2019-04`
287
+ end
288
+ ```
289
+
290
+ If you want to work with another shop, you'll first need to clear the session:
291
+
292
+ ```ruby
293
+ ShopifyAPI::Base.clear_session
294
+ ```
295
+
296
+ ## Console
297
+
298
+ This package also supports the ``shopify-api`` executable to make it easy to open up an interactive console to use the API with a shop.
299
+
300
+ 1. Install the ``shopify_api_console`` gem.
301
+
302
+ ```bash
303
+ gem install shopify_api_console
304
+ ```
305
+
306
+ 2. Obtain a private API key and password to use with your shop (step 2A in "Getting Started")
307
+
308
+ 3. Use the ``shopify-api`` script to save the credentials for the shop to quickly login.
309
+
310
+ ```bash
311
+ shopify-api add yourshopname
312
+ ```
313
+
314
+ Follow the prompts for the shop domain, API key and password.
315
+
316
+ 4. Start the console for the connection.
317
+
318
+ ```bash
319
+ shopify-api console
320
+ ```
321
+
322
+ 5. To see the full list of commands, type:
323
+
324
+ ```bash
325
+ shopify-api help
326
+ ```
327
+
328
+ ## Thread safety
329
+
330
+ ActiveResource is threadsafe as of version 4.1 (which works with Rails 4.x and above).
331
+
332
+ If you were previously using Shopify's [activeresource fork](https://github.com/shopify/activeresource), then you should remove it and use ActiveResource 4.1.
333
+
334
+ ## Bulk Operations
335
+
336
+ With the GraphQL Admin API, you can use bulk operations to asynchronously fetch data in bulk. The API is designed to reduce complexity and improve performance when dealing with large volumes of data.
337
+
338
+ Instead of manually paginating results and managing a client-side throttle, you can instead run a bulk query operation. Shopify’s infrastructure does the hard work of executing your query, and then provides you with a URL where you can download all of the data.
339
+
340
+ Apps are limited to running a single bulk operation at a time per shop. When the operation is complete, the results are delivered in the form of a JSONL file that Shopify makes available at a URL.
341
+
342
+ ### Example
343
+
344
+ The following mutation queries the products connection and returns each product's ID and title.
345
+
346
+ #### 1) Start the bulk operation
347
+
348
+ ```ruby
349
+ client = ShopifyAPI::GraphQL.client
350
+
351
+ PRODUCTS_BULK_QUERY = client.parse <<-'GRAPHQL'
352
+ mutation {
353
+ bulkOperationRunQuery(
354
+ query: """
355
+ {
356
+ products {
357
+ edges {
358
+ node {
359
+ id
360
+ title
361
+ }
362
+ }
363
+ }
364
+ }
365
+ """
366
+ ) {
367
+ bulkOperation {
368
+ id
369
+ status
370
+ }
371
+ userErrors {
372
+ field
373
+ message
374
+ }
375
+ }
376
+ }
377
+ GRAPHQL
378
+
379
+ result = client.query(PRODUCTS_BULK_QUERY)
380
+ ```
381
+ #### Step 2) Poll the status of the bulk operation
382
+
383
+ While the operation is running, you need to poll to see its progress using the `currentBulkOperation` field. The `objectCount` field increments to indicate the operation's progress, and the `status` field returns whether the operation is completed.
384
+
385
+ ```ruby
386
+ BULK_POLL_QUERY = client.parse <<-'GRAPHQL'
387
+ query {
388
+ currentBulkOperation {
389
+ id
390
+ status
391
+ errorCode
392
+ createdAt
393
+ completedAt
394
+ objectCount
395
+ fileSize
396
+ url
397
+ partialDataUrl
398
+ }
399
+ }
400
+ GRAPHQL
401
+
402
+ result = client.query(BULK_POLL_QUERY)
403
+ ```
404
+
405
+ The JSON response of a completed query will look like this :
406
+
407
+ ```json
408
+ {
409
+ "data": {
410
+ "currentBulkOperation": {
411
+ "id": "gid:\/\/shopify\/BulkOperation\/720918",
412
+ "status": "COMPLETED",
413
+ "errorCode": null,
414
+ "createdAt": "2019-08-29T17:16:35Z",
415
+ "completedAt": "2019-08-29T17:23:25Z",
416
+ "objectCount": "57",
417
+ "fileSize": "358",
418
+ "url": "https:\/\/storage.googleapis.com\/shopify\/dyfkl3g72empyyoenvmtidlm9o4g?<params>",
419
+ "partialDataUrl": null
420
+ }
421
+ },
422
+ ...
423
+ }
424
+ ```
425
+
426
+ #### Step 3) Retrieve your data
427
+
428
+ Since bulk operations are specifically designed to fetch large datasets, we’ve chosen the [JSON Lines](http://jsonlines.org/) (JSONL) format for the response data so that clients have more flexibility in how they consume the data. JSONL is similar to JSON, but each line is a valid JSON object. The file can be parsed one line at a time by using file streaming functionality to avoid issues with memory consumption.
429
+
430
+ A JSONL output file is available for download at the URL specified in the `url` field when the operation completes.
431
+
432
+ Each line in the file is a node object returned in a connection. If a node has a nested connection, then each child node is extracted into a new object on the next line. Below is an example of a JSONL file.
433
+
434
+ ```json
435
+ {"id":"gid://shopify/Product/1921569226808"}
436
+ {"id":"gid://shopify/ProductVariant/19435458986040","title":"70","__parentId":"gid://shopify/Product/1921569226808"}
437
+ {"id":"gid://shopify/Product/1921569259576"}
438
+ {"id":"gid://shopify/ProductVariant/19435459018808","title":"34","__parentId":"gid://shopify/Product/1921569259576"}
439
+ {"id":"gid://shopify/Product/1921569292344"}
440
+ {"id":"gid://shopify/ProductVariant/19435459051576","title":"Default Title","__parentId":"gid://shopify/Product/1921569292344"}
441
+ {"id":"gid://shopify/Product/1921569325112"}
442
+ {"id":"gid://shopify/ProductVariant/19435459084344","title":"36","__parentId":"gid://shopify/Product/1921569325112"}
443
+ {"id":"gid://shopify/Product/1921569357880"}
444
+ {"id":"gid://shopify/ProductVariant/19435459117112","title":"47","__parentId":"gid://shopify/Product/1921569357880"}
445
+ {"id":"gid://shopify/ProductVariant/19435458986123","title":"52","__parentId":"gid://shopify/Product/1921569226808"}
446
+ ```
447
+
448
+ Here's a simple example in Ruby to demonstrate the proper way of loading and parsing a JSONL file:
449
+
450
+ ```ruby
451
+ # Efficient: reads the file a single line at a time
452
+ File.open(file) do |f|
453
+ f.each do |line|
454
+ JSON.parse(line)
455
+ end
456
+ end
457
+
458
+ # Inefficient: reads the entire file into memory
459
+ jsonl = File.read(file)
460
+
461
+ jsonl.each_line do |line|
462
+ JSON.parse(line)
463
+ end
464
+ ```
465
+
466
+ ## Pagination
467
+
468
+ Shopify uses [Relative cursor-based pagination](https://shopify.dev/tutorials/make-paginated-requests-to-rest-admin-api) to provide more than a single page of results.
469
+
470
+ ```ruby
471
+ products = ShopifyAPI::Product.find(:all, params: { limit: 50 })
472
+ process_products(products)
473
+ while products.next_page?
474
+ products = products.fetch_next_page
475
+ process_products(products)
476
+ end
477
+ ```
478
+
479
+ If you want cursor-based pagination to work across page loads, or wish to distribute workload across multiple background jobs, you can use #next_page_info or #previous_page_info methods that return strings:
480
+
481
+ ```
482
+ first_batch_products = ShopifyAPI::Product.find(:all, params: { limit: 50 })
483
+ second_batch_products = ShopifyAPI::Product.find(:all, params: { limit: 50, page_info: first_batch_products.next_page_info })
484
+ ...
485
+ ```
486
+
487
+ Relative cursor pagination is currently available for all endpoints using the `2019-10` and later API versions.
488
+
489
+ Apps using older versions of the API may have used page-based pagination (deprecated starting in 2019-10) :
490
+
491
+ ```ruby
492
+ page = 1
493
+ products = ShopifyAPI::Product.find(:all, params: { limit: 50, page: page })
494
+ process_products(products)
495
+ while(products.count == 50)
496
+ page += 1
497
+ products = ShopifyAPI::Product.find(:all, params: { limit: 50, page: page })
498
+ process_products(products)
499
+ end
500
+ ```
501
+
502
+ # Breaking Change Notices
503
+
504
+ ## Breaking change notice for version 8.0.0
505
+
506
+ Version 7.0.0 introduced ApiVersion, and known versions were hardcoded into the gem. Manually defining API versions is no longer required for versions not listed in the gem. Version 8.0.0 removes the following:
507
+ * `ShopifyAPI::ApiVersion::Unstable`
508
+ * `ShopifyAPI::ApiVersion::Release`
509
+ * `ShopifyAPI::ApiVersion.define_version`
510
+
511
+ The following methods on `ApiVersion` have been deprecated:
512
+ - `.coerce_to_version` deprecated. use `.find_version`
513
+ - `.define_known_versions` deprecated. Use `.fetch_known_versions`
514
+ - `.clear_defined_versions` deprecated. Use. `.clear_known_versions`
515
+ - `.latest_stable_version` deprecated. Use `ShopifyAPI::Meta.admin_versions.find(&:latest_supported)` (this fetches info from Shopify servers. No authentication required.)
516
+ - `#name` deprecated. Use `#handle`
517
+ - `#stable?` deprecated. Use `#supported?`
518
+
519
+ Version 8.0.0 introduces a _version lookup mode_. By default, `ShopifyAPI::ApiVersion.version_lookup_mode` is `:define_on_unknown`. When setting the api_version on `Session` or `Base`, the `api_version` attribute takes a version handle (i.e. `'2019-07'` or `:unstable`) and sets an instance of `ShopifyAPI::ApiVersion` matching the handle. When the version_lookup_mode is set to `:define_on_unknown`, any handle will naïvely create a new `ApiVersion` if the version is not in the known versions returned by `ShopifyAPI::ApiVersion.versions`.
520
+
521
+ To ensure you're setting only known and active versions, call :
522
+
523
+ ```ruby
524
+ ShopifyAPI::ApiVersion.version_lookup_mode = :raise_on_unknown
525
+ ShopifyAPI::ApiVersion.fetch_known_versions
526
+ ```
527
+
528
+ Known and active versions are fetched from https://app.shopify.com/services/apis.json and cached. Trying to use a version outside this cached set will raise an error. To switch back to naïve lookup and create a version if one is not found, call `ShopifyAPI::ApiVersion.version_lookup_mode = :define_on_unknown`.
529
+
530
+
531
+ ## Breaking change notice for version 7.0.0
532
+
533
+ ### Changes to ShopifyAPI::Session
534
+ When creating sessions, `api_version`is now required and uses keyword arguments.
535
+
536
+ To upgrade your use of ShopifyAPI you will need to make the following changes.
537
+
538
+ ```ruby
539
+ ShopifyAPI::Session.new(domain, token, extras)
540
+ ```
541
+ is now
542
+ ```ruby
543
+ ShopifyAPI::Session.new(domain: domain, token: token, api_version: api_version, extras: extras)
544
+ ```
545
+ Note `extras` is still optional. The other arguments are required.
546
+
547
+ ```ruby
548
+ ShopifyAPI::Session.temp(domain, token, extras) do
549
+ ...
550
+ end
551
+ ```
552
+ is now
553
+ ```ruby
554
+ ShopifyAPI::Session.temp(domain: domain, token: token, api_version: api_version) do
555
+ ...
556
+ end
557
+ ```
558
+
559
+ For example, if you want to use the `2019-04` version, you will create a session like this:
560
+ ```ruby
561
+ session = ShopifyAPI::Session.new(domain: domain, token: token, api_version: '2019-04')
562
+ ```
563
+ if you want to use the `unstable` version, you will create a session like this:
564
+ ```ruby
565
+ session = ShopifyAPI::Session.new(domain: domain, token: token, api_version: :unstable)
566
+ ```
567
+
568
+ ### Changes to how to define resources
569
+
570
+ If you have defined or customized Resources, classes that extend `ShopifyAPI::Base`:
571
+ The use of `self.prefix =` has been deprecated; you should now use `self.resource =` and not include `/admin`.
572
+ For example, if you specified a prefix like this before:
573
+ ```ruby
574
+ class MyResource < ShopifyAPI::Base
575
+ self.prefix = '/admin/shop/'
576
+ end
577
+ ```
578
+ You will update this to:
579
+ ```ruby
580
+ class MyResource < ShopifyAPI::Base
581
+ self.resource_prefix = 'shop/'
582
+ end
583
+ ```
584
+
585
+ ### URL construction
586
+
587
+ If you have specified any full paths for API calls in find
588
+ ```ruby
589
+ def self.current(options={})
590
+ find(:one, options.merge(from: "/admin/shop.#{format.extension}"))
591
+ end
592
+ ```
593
+ would be changed to
594
+
595
+ ```ruby
596
+ def self.current(options = {})
597
+ find(:one, options.merge(
598
+ from: api_version.construct_api_path("shop.#{format.extension}")
599
+ ))
600
+ end
601
+ ```
602
+
603
+ ### URLs that have not changed
604
+
605
+ - OAuth URLs for `authorize`, getting the `access_token` from a code, `access_scopes`, and using a `refresh_token` have _not_ changed.
606
+ - get: `/admin/oauth/authorize`
607
+ - post: `/admin/oauth/access_token`
608
+ - get: `/admin/oauth/access_scopes`
609
+ - URLs for the merchant’s web admin have _not_ changed. For example: to send the merchant to the product page the url is still `/admin/product/<id>`
610
+
611
+ # Using Development Version
612
+
613
+ Download the source code and run:
614
+
615
+ ```bash
616
+ bundle install
617
+ bundle exec rake test
618
+ ```
619
+
620
+ or if you'd rather use docker just run:
621
+ ```bash
622
+ docker run -it --name shopify_api -v "$PWD:/shopify_api" -w="/shopify_api" ruby:2.6 bundle install
623
+ docker exec -it shopify_api bash
624
+ ```
625
+
626
+ or you can even use our automated rake task for docker:
627
+ ```bash
628
+ bundle exec rake docker
629
+ ```
630
+
631
+ # Additional Resources
632
+
633
+ * [GraphQL API Reference](https://shopify.dev/docs/admin-api/graphql/reference)
634
+ * [REST API Reference](https://shopify.dev/docs/admin-api/rest/reference)
635
+ * [Ask questions on the forums](https://community.shopify.com/c/Shopify-Community/ct-p/en?profile.language=en)
636
+
637
+ # Copyright
638
+
639
+ Copyright (c) 2014 "Shopify Inc.". See LICENSE for details.