Note: For changes to the API, see https://shopify.dev/changelog?filter=api
- #1347 Extend webhook registration to support filters
- #1344 Allow ShopifyAPI::Webhooks::Registry to update a webhook when fields or metafield_namespaces are changed.
- #1343 Make ShopifyAPI::Context::scope parameter optional.
scope
defaults to empty list[]
. - #1348 Add config option that will disable the REST API client and REST resources. New apps should use the GraphQL Admin API
- #1327 Support
?debug=true
parameter in GraphQL client requests - #1308 Support hash_with_indifferent_access when creating REST objects from Shopify responses. Closes #1296
- #1332 Fixed an issue where
Customer
REST API PUT requests didn't send all of the fields in theemail_marketing_consent
attribute - #1335 Add back the
current
methods forShop
andRecurringApplicationCharge
resources
- #1312 Use same leeway for
exp
andnbf
when parsing JWT - #1313 Fix: Webhook Registry now working with response_as_struct enabled
- #1314
- Add new session util method
SessionUtils::session_id_from_shopify_id_token
SessionUtils::current_session_id
now accepts shopify Id token in the format ofBearer this_token
or justthis_token
- Add new session util method
- #1315 Add helper/alias methods to
ShopifyAPI::Auth::JwtPayload
:shopify_domain
alias forshop
- returns the sanitized shop domainshopify_user_id
- returns the user Id (sub
) as an Integer valueexpires_at
alias forexp
- returns the expiration time
- #1309 Add
Session#copy_attributes_from
method
- #1071 Fix FulfillmentEvent class types
- Fix: InventoryItem class
harmonized_system_code
attribute type which can be either integer, string or nil - Fix: Variant class
inventory_quantity
attribute type which can be either integer, string or nil - 1293 Add support for using Storefront private access tokens.
- 1302 Deprecated passing the public Storefront access token as a positional parameter to the Storefront GraphQL client in favor of using the named parameter. (You probably want to use the private access token for this client anyway.)
- 1305 Adds support for the
2024-04
API version.
- #1288 Fix FeatureDeprecatedError being raised without a message.
- 1290 Move deprecation of
ShopifyAPI::Webhooks::Handler#handle
to version 15.0.0
- #1274
⚠️ [Breaking] Update sorbet and rbi dependencies. Remove support for ruby 2.7. Minimum required Ruby version is 3.0 - #1282 Fixes a bug where diffing attributes to update not take into account of Array changes and required ids.
- #1254 Introduce token exchange API for fetching access tokens. This feature is currently unstable and cannot be used yet.
- #1268 Add new webhook handler interface to provide
webhook_id
andapi_version
information to webhook handlers. - #1275 Allow adding custom headers in REST Resource HTTP calls.
- #1210 Add context option
response_as_struct
to allow GraphQL API responses to be accessed via dot notation. - #1257 Add
api_call_limit
andretry_request_after
to REST resources to expose rate limit information. - #1257 Added support for the 2024-01 API version. This also includes a fix for the
for_hash
option when creating resources.
- #1244 Add
expired?
toShopifyAPI::Auth::Session
to check if the session is expired (mainly for user sessions) - #1249 Fix bug where mandatory webhooks could not be processed
- #1250 Remove rails methods .empty? .present? that were breaking CI
- #1241 Add
api_host
toShopifyAPI::Context.setup
, allowing the API host to be overridden inShopifyAPI::Clients::HttpClient
. This context option is intended for internal Shopify use only. - #1237 Skip mandatory webhook topic registration/unregistrations
- #1239 Update
OAuth.validate_auth_callback
to useShopifyApi::Clients::HttpClient
.
- #1183 Added string array support for fields parameter in Webhook::Registry
- 1208 Fix CustomerAddress and FulfillmentRequest methods
- 1225 Support for 2023_10 API version
- #1186 Extend webhook registration to support metafield_namespaces
- #1183 Added support for API version 2023-07
- #1157 Fix an issue where read-only attributes are included when saving REST resources
- #1169 Unpin zeitwerk version from 2.6.5
- #1140
⚠️ [Breaking] Reformat Http error messages to be JSON parsable. - #1142 Restore API version 2022-04, in alignment with this changelog notice.
- #1155
⚠️ [Breaking] Remove session storage that was deprecated with #1055. To upgrade, removesession_storage
from your API context block.⚠️ [Breaking] GraphQL Proxy now requiressession
to be passed as an argument. - #1150 [Patch] Add support for Event topic names.
- #1113 Handle JSON::ParserError when http response is HTML and raise ShopifyAPI::Errors::HttpResponseError
- #1098 Gracefully handle HTTP 204 repsonse bodies
- #1104 Allow api version overrides.
- #1137 Support for 2023_04 API version. Fix reported typing bugs.
- #1092 Add support for 2023-01 API version.
- #1081 Fixed an error when parsing the JSON response body for the AssignedFulfillmentOrder resource.
- #1040
ShopifyAPI::Clients::HttpResponse
as argument forShopifyAPI::Errors::HttpResponseError
- #1055 Makes session_storage optional. Configuring the API with session_storage is now deprecated. Session persistence is handled by the shopify_app gem if using Rails.
- #1063 Fix ActiveSupport inflector dependency
- #1069 Adds a custom Logger to help write uniform logs across the api and the shopify_app gem
- #1045 Fixes bug with host/host_name requirement.
- #1023 Allow custom scopes during the OAuth process
- #1017 Add support for
http
with localhost development without using a TLS tunnel
- #1027
⚠️ [Breaking] Remove support for deprecated API version2021-10
and added support for version2022-10
- #1008 Increase session token JWT validation leeway from 5s to 10s
- #1002 Add new method to construct the host app URL for an embedded app, allowing for safer redirect to app inside appropriate shop admin
- #1004 Support full URL and scheme-less URL when registering HTTP webhooks
- #990 Validate
hmac
signature of OAuth callback using both old and new API secrets
- #987
⚠️ [Breaking] Add REST resources for July 2022 API version, remove support and REST resources for July 2021 (2021-07
) API version - #979 Update
ShopifyAPI::Context.setup
to takeold_api_secret_key
to support API credentials rotation - #977 Fix webhook requests when a header is present having a symbol key (e.g.
:clearance
)
- #933 Fix syntax of GraphQL query in
Webhooks.get_webhook_id
method by removing extra curly brace - #941 Fix
to_hash
to return readonly attributes, unless being used for serialize the object for saving - fix issue #930 - #959 Update
LATEST_SUPPORTED_ADMIN_VERSION
to2022-04
to align it with the current value
- #935 Fix issue #931, weight of variant should be float
- #944 Deprecated the
validate_shop
method from the JWT class since we can trust the token payload, since it comes from Shopify.
- #929 Aligning sorbet dependencies
- #919 Allow REST resources to configure a deny list of attributes to be excluded when saving
- #920 Set all values received from the API response to REST resource objects, and allow setting / getting attributes with special characters (such as
?
) - #927 Fix the
ShopifyAPI::AdminVersions
module for backward compatibility
- Major update to the library to provide all essential functions needed for a Shopify app, supporting embedded apps with session tokens. See the full list of changes here
- #891 Removed the upper bound on the
activeresource
dependency to allow apps to use the latest version
- #883 Add support for Ruby 3.0
- #847 Update
create_permission_url
method to use grant_options - #852 Bumping kramdown to fix a security vulnerability
- #843 Introduce a new
access_scopes
attribute on the Session class.- Specifying this in the Session constructor is optional. By default, this attribute returns
nil
.
- Specifying this in the Session constructor is optional. By default, this attribute returns
-
#797 Release new Endpoint
fulfillment_order.open
andfulfillment_order.reschedule
. -
#818 Avoid depending on ActiveSupport in Sesssion class.
-
Freeze all string literals. This should have no impact unless your application is modifying ('monkeypatching') the internals of the library in an unusual way.
-
#802 Made
inventory_quantity
a read-only field in Variant -
#821 Add logging based on environment variable, move log subscriber out of
detailed_log_subscriber
. TheActiveResource::DetailedLogSubscriber
no longer automatically attaches when the class is loaded. If you were previously relying on that behaviour, you'll now need to callActiveResource::DetailedLogSubscriber.attach_to(:active_resource_detailed)
. (If using the newSHOPIFY_LOG_PATH
environment setting then this is handled for you). -
Provide
ApiAccess
value object to encapsulate scope operations #829
- Removes the
shopify
binary which will be used by the Shopify CLI
- Make cursor based pagination return relative uri's when fetching next and previous pages. #726
- Implements equality operator on
Session
#714
- Contains #708 which is a revert for #655 due to the deprecated inventory parameters not being removed correctly in some cases
- We now raise a
ShopifyAPI::ValidationException
exception when clients try to useProduct
andVariant
with deprecated inventory-related fields in API version2019-10
or later. #655 Deprecation and migration information can be found in the following documents: - Added support for the Discount Code API batch endpoints #701
- Fix issue in the README to explicitly say clients need to require the
shopify_api
gem #700
- Added optional flag passed to
initialize_clients
to prevent from raising theInvalidSchema
exception #693
- Added warning message if API version used is unsupported or soon to be unsupported #685
- Take into account "errors" messages from response body #677
-
Breaking change: Improved GraphQL client #672. See the client docs for usage and a migration guide.
-
Added options hash to create_permission_url and makes redirect_uri required #670
-
Release new Endpoint
fulfillment_order.locations_for_move
in 2020-01 REST API version #669 -
Release new Endpoints for
fulfillment
in 2020-01 REST API version #639:fulfillment.create
withline_items_by_fulfillment_order
fulfillment.update_tracking
fulfillment.cancel
-
Release new Endpoints for
fulfillment_order
in 2020-01 REST API version #637:fulfillment_order.fulfillment_request
fulfillment_order.fulfillment_request.accept
fulfillment_order.fulfillment_request.reject
fulfillment_order.cancellation_request
fulfillment_order.cancellation_request.accept
fulfillment_order.cancellation_request.reject
-
Release new Endpoints
fulfillment_order.move
,fulfillment_order.cancel
andfulfillment_order.close
in 2020-01 REST API version #635 -
Release new Endpoint
order.fulfillment_orders
, and active resourcesAssignedFulfillmentOrder
andFulfillmentOrder
in 2020-01 REST API version #633
- Release 2020-01 REST ADMIN API VERSION #656
- Release new Endpoint
collection.products
andcollection.find()
in 2020-01 REST API version #657 - Enrich 4xx errors with error message from response body #647
- Make relative cursor based pagination work across page loads #625
- Small ruby compat fix #623
- Small consistency change #621
- Api Version changes #600
- Remove static Api Version definitions.
- Introduces Api Version lookup modes:
:define_on_unknown
and:raise_on_unknown
- See migration notes
Session.valid?
checks that api_versionis_a?(ApiVersion)
instead ofpresent?
ApiVersion::NullVersion
cannot be instantiated and now has amatch?
method #615- Introduces new Collection endpoint for looking up products without knowing collection type. Only available if ApiVersion is
:unstable
#609
- Add 2019-10 to known API versions
- Add support for cursor pagination #594 and #611
ShopifyAPI::Base.api_version
now defaults toShopifyAPI::ApiVersion::NullVersion
instead ofnil
. Making requests without first setting an ApiVersion raisesApiVersionNotSetError
instead ofNoMethodError: undefined method 'construct_api_path' for nil:NilClass'
#605
- Add 2019-07 to known API versions.
- Support passing version string to
ShopifyAPI::Base.api_version
#563
- Removed support for
ActiveResouce
<4.1
. - Removed
ShopifyAPI::Oauth
. - Added api version support, See migration notes
- Changed
ShopifyAPI::Session
method signatures from positional to keyword arguments, See migration notes - Add support for newer call limit header
X-Shopify-Shop-Api-Call-Limit
. - Removed all Ping resources.
- Removed undocumented
protocol
andport
options fromShopifyAPI::Session
.
- Added
currency
parameter toShopifyAPI::Order#capture
. This parameter is required for apps that belong to the multi-currency beta program.
- Update delivery confirmation resource to delivery confirmation details resource.
- Add delivery confirmation endpoint to Ping resources.
- Log warning when Shopify indicates deprecated API call was performed
- Added
ShopifyAPI::Currency
to fetch list of supported currencies on a shop - Added
ShopifyAPI::TenderTransaction
to fetch list of transactions on a shop - Fixed bug with X-Shopify-Checkout-Version on ShopifyAPI::Checkout header being applied to all requests
- Added
ShopifyAPI::Publications
- Added
ShopifyAPI::ProductPublications
- Added
ShopifyAPI::CollectionPublications
- Added support for new collection products endpoint from
ShopifyAPI::Collection#products
- Breaking change:
ShopifyAPI::Checkout
now maps to the Checkout API, rather than the Abandoned Checkouts API- See the README for more details
- Added
ShopifyAPI::AbandonedCheckout
- Added support for X-Shopify-Checkout-Version header on
ShopifyAPI::Checkout
- Added
ShopifyAPI::ShippingRate
- Added
ShopifyAPI::Payment
- Added support for
Checkout::complete
endpoint - Fixed session handling support for Rails 5.2.1
- Added
ShopifyAPI::ApiPermission
resource for uninstalling an application - Added a deprecation warning to
ShopifyAPI::OAuth
- Added support for the GraphQL API
- Added
ShopifyAPI::InventoryItem
- Added
ShopifyAPI::InventoryLevel
- Added
#inventory_levels
method toShopifyAPI::Location
- Added
ShopifyAPI::AccessScope
- Fix a bug with custom properties for orders
- Added
ShopifyAPI::PriceRule
- Added
ShopifyAPI::DiscountCode
- Added
add_engagements
toShopifyAPI::MarketingEvent
- Added support for URL parameter (e.g. limit & page) to ShopifyAPI::Metafields
- Added support for URL parameter (e.g. limit & page) to metafield operator in ShopifyAPI::Shop
- Removed the mandatory
application_id
parameter fromShopifyAPI::ProductListing
andShopifyAPI::CollectionListing
- Fixed a bug related to the non-standard primary key for
ShopifyAPI::ProductListing
andShopifyAPI::CollectionListing
- Added
ShopifyAPI::Report
- Added
ShopifyAPI::MarketingEvent
- Added
ShopifyAPI::CustomerInvite
- Support for Customer#send_invite endpoint
- Added
ShopifyAPI::ResourceFeedback
- Added support for
complete
inShopifyAPI::DraftOrder
- Fixed the
customer_saved_search_id
param inShopifyAPI::CustomerSavedSearch#customers
.
- Added support for online mode access tokens, token expiry, and associated_user information.
- Added
ShopifyAPI::DraftOrder
- Added
ShopifyAPI::DraftOrderInvoice
- Added
ShopifyAPI::ProductListing
- Added
ShopifyAPI::CollectionListing
- Added
ShopifyAPI::StorefrontAccessToken
- Relax Ruby version requirement to >=
2.0
- Support for ShopifyAPI::ApplicationCredit
- Require Ruby >=
2.3.0
- Use inheritance instead of the deprecated Rails
Module#alias_method_chain
- Support for AccessToken#delegate endpoint
- Support for Users and Discounts (Shopify Plus only)
- Adds Customer#account_activation_url method
- Adds ability to open a fulfillment.
- Threadsafety is now compatible with the latest ActiveResource master
- Added explicit 90 second timeout to
ShopifyAPI::Base
- Added
ShippingAPI::ShippingZone
- Replaced
cancelled
withexpired
inShopifyAPI::ApplicationCharge
- Added
pending
,cancelled
,accepted
,declined
helper methods toShopifyAPI::ApplicationCharge
- Fixed truthiness for order cancellations. Requests are now sent in the request body and as JSON
- Fixed hmac signature validation for params with delimiters (
&
,=
or%
)
- Verify that the shop domain is a subdomain of .myshopify.com which creating the session
- Added
ShopifyAPI::OAuth.revoke
for easy token revocation.
- Fixed CustomerSavedSearch#customers method to now correctly return only relevant customers
- More useful error messages for activating nil sessions
- Add tests for commonly deleted objects, and metafield tests, fix naming error in order_risk_test.rb
- No API changes
- Added pry to the CLI
- Temporary fix for the CLI
- Add a specific exception for signature validation failures
- Added CarrierService resource
- Added optionally using threadsafe ActiveResource (see readme)
- Fixed bug in validate_signature
- in Session::request_token params is no longer optional, you must pass all the params and the method will now extract the code
- Fixed JSON errors handling (#103)
- Fixed compatibility with Ruby 2.1.x (#83)
- Fixed getting parent ID from nested resources like Variants (#44)
- Cleaned up compatibility with ActiveResource 4.0.x
- Added OrderRisk resource
- Added FulfillmentService resource
- Removed discontinued ProductSearchEngine resource
- Added convenience method Customer#search (#45)
- Expose
index
andshow
actions ofLocation
- Added create_permission_url and request_token helper methods
- Edited the readme to better describe the getting started procedure
- Expose
authors
andtags
action on Article
- Add LineItem::Property resource
- Expose
orders
action on Customer
- Expose
complete
action on Fulfillment
- Includes port in domain URI (when other than http/80 or https/443)
- Adds access to CustomerSavedSearch
- Adds resources: Order::DefaultAddress, Client::ClientDetails, Announcement
- Allows access to Articles without a blog_id
- Moves encode and as_json overrides to ShopifyAPI::Base scope
- Exposes the
order
action in SmartCollection for general use
- Add a
customers
helper method to the CustomerGroup resource
- Brevity in require statements
- Fix saving nested resources in ActiveResource 3.1+
- Added support for OAuth Authentication
- Removal of support for Legacy Authentication
- Added Cart resource
- Fix double root bug with ActiveSupport 3.2.0
- Add metafields methods on Customer resource
- Fix prefix_options on assets returned from Asset.find
- Fix issues with resources that have both direct and namespaced routes
- Added detailed logger to help with debugging ActiveResource requests/responses
- Add fulfillment#cancel
- Fix JSON errors handling
- Remove global limit from ShopifyAPI::Limits
- Bump to 2.0.0 as this release breaks Rails 2 compatibility; we're now officially only supporting Rails 3. Rails 2 devs can follow the rails2 tag in this repo to know where we broke off
- Refactored resources into their own source files
- Added API limits functionality
- Patched ActiveResource issue with roots in JSON
- Added pending, cancelled, accepted, and declined convenience methods to ShopifyAPI::RecurringApplicationCharge
- ShopifyAPI::Session#temp now available as a convenience method to support temporarily switching to other shops when making calls
- Fixes to
shopify console
CLI tool
- Fix for Article#comments
- Added Article#comments
- Added Order#cancel
- Added Comment#restore, #not_spam
- Added Customer, CustomerGroup support
- Added ScriptTag support
- Allow abbreviated names for all commands like rails does, e.g. 'shopify c' instead of 'shopify console'
- Fix Variant to support accessing both nested variants with a product prefix as well as top level variants directly
- Add 'grande' to supported product image size variants
- Command-line interface
- Allow custom params when fetching a single Asset
- Add ProductSearchEngines resource
- Fix for users of ActiveResource 3.x
- Remove hard coded xml formatting in API calls
- Remove jeweler stuff
- Ruby 1.9 encoding fix
- Add new Events API for Shop, Order, Product, CustomCollection, SmartCollection, Page, Blog and Article
- Add new 'compact' product image size variant
- Rails 3 fix: attribute_accessors has to be explicitly included since activesupport 3.0.0
- Add metafields
- Add latest changes from Shopify including asset support, token validation and a common base class
- extracting ShopifyAPI from Shopify into Gem