From shopify
Sets up Shopify CLI auth and Admin API access token for a store: install CLI, login, create custom app with scopes, store token securely, verify with GraphQL. For store connections or auth issues.
npx claudepluginhub jezweb/claude-skills --plugin shopifyThis skill uses the workspace's default tool permissions.
Set up working Shopify CLI authentication and Admin API access for a store. Produces a verified API connection ready for product and content management.
Guides Payload CMS config (payload.config.ts), collections, fields, hooks, access control, APIs. Debugs validation errors, security, relationships, queries, transactions, hook behavior.
Builds scalable data pipelines, modern data warehouses, and real-time streaming architectures using Spark, dbt, Airflow, Kafka, and cloud platforms like Snowflake, BigQuery.
Builds production Apache Airflow DAGs with best practices for operators, sensors, testing, and deployment. For data pipelines, workflow orchestration, and batch job scheduling.
Set up working Shopify CLI authentication and Admin API access for a store. Produces a verified API connection ready for product and content management.
Verify the Shopify CLI is installed:
shopify version
If not installed:
npm install -g @shopify/cli
shopify auth login --store mystore.myshopify.com
This opens a browser for OAuth. The user must be a store owner or staff member with appropriate permissions.
After login, verify:
shopify store info
Custom apps provide stable Admin API access tokens (unlike CLI session tokens which expire).
Check if an app already exists: Ask the user if they have a custom app set up. If yes, skip to Step 4.
If no custom app exists, guide the user through creation via browser:
https://{store}.myshopify.com/admin/settings/apps/developmentreferences/api-scopes.md for details):
read_products, write_productsread_content, write_contentread_product_listingsread_inventory, write_inventoryread_files, write_filesUse browser automation (Chrome MCP or playwright-cli) if the user prefers assistance navigating the admin.
Store the token securely. Never commit it to git.
For project use — create .dev.vars:
SHOPIFY_STORE=mystore.myshopify.com
SHOPIFY_ACCESS_TOKEN=shpat_xxxxxxxxxxxxxxxxxxxxx
Ensure .dev.vars is in .gitignore.
For cross-project use — store in your preferred secrets manager (environment variable, 1Password CLI, etc.).
Test the connection with a simple GraphQL query:
curl -s https://{store}.myshopify.com/admin/api/2025-01/graphql.json \
-H "Content-Type: application/json" \
-H "X-Shopify-Access-Token: {token}" \
-d '{"query": "{ shop { name primaryDomain { url } } }"}' | jq .
Expected response includes the shop name and domain. If you get a 401, the token is invalid or expired — recreate the app.
Create a shopify.config.json in the project root for other skills to reference:
{
"store": "mystore.myshopify.com",
"apiVersion": "2025-01",
"tokenSource": ".dev.vars"
}
Always specify an explicit API version (e.g. 2025-01). Using unstable in production will break without warning. Shopify retires API versions quarterly.
| Token | Format | Use |
|---|---|---|
| Admin API access token | shpat_* | Custom apps — stable, long-lived |
| CLI session token | Short-lived | Shopify CLI commands only |
| Storefront API token | shpca_* | Public storefront queries |
This skill sets up Admin API access tokens — the right choice for product and content management.
Shopify uses a leaky bucket rate limiter:
For bulk operations, use the bulkOperationRunQuery mutation instead of looping.
references/api-scopes.md — Admin API scopes needed for product and content management