You can use PHP to connect to the Shopify API.

For this you need SimpleXML and CURL support.


  //Modify these
  $API_KEY = 'your-token-here';
  $SECRET = 'your-secret-here';
  $TOKEN = 'your-secret-here';
  $STORE_URL = '';
  $PRODUCT_ID = 'product-id-here';

  $url = 'https://' . $API_KEY . ':' . md5($SECRET . $TOKEN) . '@' . $STORE_URL . '/admin/products/' . $PRODUCT_ID . '.xml';

  $session = curl_init();

  curl_setopt($session, CURLOPT_URL, $url);
  curl_setopt($session, CURLOPT_HTTPGET, 1); 
  curl_setopt($session, CURLOPT_HEADER, false);
  curl_setopt($session, CURLOPT_HTTPHEADER, array('Accept: application/xml', 'Content-Type: application/xml'));
  curl_setopt($session, CURLOPT_RETURNTRANSFER, true);

  if(ereg("^(https)",$url)) curl_setopt($session,CURLOPT_SSL_VERIFYPEER,false);

  $response = curl_exec($session);

  $product_xml = new SimpleXMLElement($response); 

  echo $product_xml->title;
  echo $product_xml->variants->variant->{'inventory-quantity'};

PHP Active Resource

There is a PHP implementation of the active resource style API that Shopify adheres to. This may work:


1. How do I use the API with a private application?

A. The Session class has a flag you must set in order for the API to recognize your application as private. Your application's secret configuration setting must also be set to your private application's password.

$api = new Session('', 'token', API_KEY, SECRET, true);

2. I get the error SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. What do I do?

A. This means that your version of curl is having issues verifying the Shopify store's SSL certificate. To fix this set USE_SSL_PEM to true in your configuration and set CA_PATH to the full path to the provided cacert.pem file.

  • nix based systems
define('CA_FILE', '/path/to/cacert.pem');

Windows (note the double slashes!)

define('CA_FILE', 'C:\\path\\to\\cacert.pem');

3. I get the error [API] Invalid API key or permission token (unrecognized login or wrong password). What do I do?

A. Make sure you correctly set the application API_KEY and SECRET in the configuration settings. If the error persists ensure that you have the store's authentication token. The authentication token is sent to your application's return URL. (Private applications do not need a token)

4. I get the error Warning: Cannot modify header information - headers already sent by ... when trying to redirect to my application's authentication URL. What do I do?

A. This is a common error amongst PHP developers. This means that you tried redirecting after headers were sent to the browser. Once the browser renders any text then headers have been sent. To fix this move your redirect before the <head> tag. Most likely at the top of the file.

5. I get the error Warning: tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s). What do I do?

A. In an effort to reduce the bandwidth your application uses the API has gzip encoding enabled by default. This compresses the data you receive from Shopify. To fix the error you can disable gzip by setting GZIP_ENABLED to false in the configuration settings (not recommended) or you can change the path in which you have access to write files. You can do this by specifying a path in the GZIP_PATH settings.

Ready to put what you've learned into action?

Build an online store with Shopify. Try it free.

Experience the future of retail now.

Shopify Point of Sale. Try it free.

Save Cancel