Core Question:
Developers seek a publicly accessible schema for Shopify’s Admin GraphQL API to generate client libraries during CI/CD builds without exposing authentication credentials.
Solution Provided:
Shopify offers public schema endpoints that support GraphQL introspection:
Storefront API: https://shopify.dev/storefront-graphql-direct-proxy/2024-10
(Version numbers can be adjusted as needed)
Key Technical Details:
These URLs return 404 when accessed directly in browsers because they’re GraphQL endpoints, not static files
They require introspection queries (not simple GET requests) to retrieve schema data
Tools like Hoppscotch, JetBrains GraphQL plugin, typed-graphql-builder, Apollo Client, and Rover can successfully query these endpoints
CORS policies may require proxy settings in some tools
Example curl command provided for manual introspection queries
Alternative Approach:
Developers can still use store-specific authenticated endpoints with tools like Apollo Client or Rover, though this requires embedding credentials.
Status: Resolved with working public endpoints, though initial confusion arose from the non-standard endpoint behavior.
Summarized with AI on November 1.
AI used: claude-sonnet-4-5-20250929.
Does anyone know if there’s a publicly-available schema of the Admin API? Or can you only access it via a store’s authenticated endpoint (e.g https://.myshopify.com/admin/api//graphql.json)?
I’m in a situation where my continuous integration system needs the schema to generate a client-side library at build time, and the specifics of the CI make it such that I can’t pass an environment variable without making it public. Because the authentication header requires a secret key, I obviously don’t want to do this. I’m wondering if this info is exposed via a public API, since Shopify exposes a publicly-browsable version of the API in the online documentation.
Bumping this good question for some kind of Shopify response. Many GraphQL client packages support downloading schema json and code-generating typed libraries. It sucks as part of CI to have to embed a store specific URL and auth token to download the non-secret schema. Anyone at Shopify have any insight to offer here?
Hi @bretto36 , for REST calls, you have to use the “X-Shopify-Access-Token” header in your request to pass the secret key, which you can find in your custom app’s configuration page via the Shopify admin. You can reference the documentation here for an example of how to make an authenticated call.
Please note, however, this question is intended to see if there’s a way to retrieve the GraphQL schema without having to pass this header, so please do not mark this as an accepted solution.
TicoScout & Joebow: You cannot just click the link in a browser or make a simple GET request. The endpoint is a GraphQL endpoint that supports introspection queries. You might try various tools, such as https://hoppscotch.io/graphql to assist. Make sure to turn the proxy setting on for tools like Hoppscotch or the connections will likely be blocked by CORS policies.
Yeah i mean most of services are easy to understand their json response or they make package or something but they seems they update endpoint quite often and regularly by the date!?!. I dont think they are making it for developers. Shopify is just for the people who want bootstrap app.
These URLs worked perfectly for me in PhpStorm using the JetBrains GraphQL plugin. Now I have autocomplete, type information, and field descriptions in my *.graphql files.
So, they 404 when just clicking on them. But tools that use schema introspection can read them (like typed-graphql-builder for typescript). A strange decision but basically Shopify doesn’t accept direct navigation.
So, they 404 when just clicking on them (anymore). But tools that use schema introspection can read them (like typed-graphql-builder for typescript). A strange decision but basically Shopify doesn’t accept direct navigation.
Some things have changed and these URLs do work, but do not work directly in the browser or with curl. Many schema introspection tools should be able to use it, like typed-graphql-builder for typescript
The reason the “URL does not work” and returns a 404 response in a normal web browser is because the URL is a GraphQL endpoint, not a static schema file (as I thought initially). It should be called a “Schema Endpoint”, not a “Schema”, to avoid the confusion.
“Introspection - A GraphQL service supports introspection over its schema. This schema is queried using GraphQL itself, creating a powerful platform for tool-building.”
This is perfect, thank you. For those concerned about the 404 they’re seeing in the browser, please see @Shailesh_Aten comment below—the posted link is a GraphQL endpoint and not intended for web browsing.
