The Core Shopify APIs for Headless Storefronts Built With Shopify

A Practical Overview of Storefront API, Admin API, and Customer Account API for Secure and Flexible Headless Shopify Development

·Matija Žiberna·
As I’ve been developing headless Shopify storefronts, I keep coming back to three main APIs. No matter which framework I use, whether it’s Next.js, Remix, or another, these are the key tools that power almost everything for modern, custom shopping experiences:

  • Storefront API
  • Admin API
  • Customer Account API

Below, I’ll summarize what each API does, when I use it, and a few important points based on real-world development.


Storefront API

The Storefront API is for anything that customers interact with directly. I use it to display products, collections, and to manage shopping carts from the client side. The API is designed for fast, public-facing operations.

Common use cases for Storefront API:

  • Fetching product and collection information
  • Searching for products or collections
  • Creating and updating shopping carts
  • Starting the checkout process

Access information:

  • Uses a public access token, which is safe for frontend use
  • Requests are rate-limited based on the buyer’s IP address

It is important to note that the Storefront API’s resource IDs are base64-encoded and do not match the format used by the Admin API.
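
A server that receives a resource ID from the storefront and forwards it to the Admin API has to normalize and validate it first. The following is an added example, not code from the original article: it assumes Shopify's global ID shape `gid://shopify/<Type>/<numeric id>` and accepts either the plain or the base64-encoded form; the function name `normalizeShopifyId` is hypothetical.

```javascript
// Added example. Assumption: Shopify global IDs look like
// gid://shopify/<ResourceType>/<numeric id>.
const GID_RE = /^gid:\/\/shopify\/([A-Za-z]+)\/(\d+)$/;
const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;

// Accepts a plain GID or its base64-encoded form and returns the parsed GID.
// expectedType (optional) pins the resource type the caller will accept, so a
// client cannot pass an Order ID where a Product ID is expected.
function normalizeShopifyId(input, expectedType) {
  if (typeof input !== "string" || input.length === 0 || input.length > 512) {
    throw new TypeError("ID must be a non-empty string of bounded length");
  }
  let candidate = input;
  if (!candidate.startsWith("gid://") && BASE64_RE.test(candidate)) {
    candidate = Buffer.from(candidate, "base64").toString("utf8");
  }
  const match = GID_RE.exec(candidate);
  if (!match) throw new Error("Not a Shopify global ID");
  const [, type, numericId] = match;
  if (expectedType && type !== expectedType) {
    throw new Error(`Expected a ${expectedType} ID, got ${type}`);
  }
  // Rebuild the GID from the validated parts instead of echoing the input.
  return { gid: `gid://shopify/${type}/${numericId}`, type, numericId };
}

// Constructed sample: the same product ID in both forms.
const plainId = "gid://shopify/Product/123";
const encodedId = Buffer.from(plainId, "utf8").toString("base64");

console.log(normalizeShopifyId(encodedId, "Product"));
console.log(normalizeShopifyId(plainId).numericId);
```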


Admin API

The Admin API is used for managing store data that should never be exposed to customers or on the public web. Any changes to store configuration or sensitive operations belong here. This API is for server-side use only.

Common use cases for Admin API:

  • Creating, updating, and deleting products or collections
  • Managing orders, inventory, and fulfillment processes
  • Working with metaobjects and advanced Shopify features
  • Any backend process or integration that requires full data access

Access information:

  • Uses secret tokens or API keys, which should only be available to servers
  • Supports both REST and GraphQL endpoints
  • Requires careful permission management for security

Never expose your Admin API credentials on the frontend or client-side; these should always be kept secure on your backend.
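
One way to enforce this at build time, as an added example that is not from the original article: frameworks inline environment variables with a client prefix (`NEXT_PUBLIC_` in Next.js, `VITE_` in Vite) into the browser bundle, so the check below flags any such variable that looks like an Admin-side credential. The `shpat_`, `shpss_`, `shpca_` and `shppa_` prefixes are Shopify's token prefixes for Admin-side secrets as I know them, not something the article states; the function and variable names are hypothetical.

```javascript
// Added example: fail the build if a server-only Shopify credential is
// reachable through a client-exposed environment variable.
const CLIENT_PREFIXES = ["NEXT_PUBLIC_", "VITE_"];
// Assumption: Admin-side Shopify secrets start with one of these prefixes.
const SECRET_VALUE_RE = /^shp(at|ss|ca|pa)_[0-9a-fA-F]+$/;
const SECRET_NAME_RE = /ADMIN|SECRET|PRIVATE/i;

function findExposedAdminSecrets(env, prefixes = CLIENT_PREFIXES) {
  const findings = [];
  for (const [name, value] of Object.entries(env)) {
    // Only variables the framework ships to the browser are in scope.
    if (!prefixes.some((p) => name.startsWith(p))) continue;
    if (SECRET_VALUE_RE.test(String(value ?? ""))) {
      findings.push({ name, reason: "value has an Admin-side token prefix" });
    } else if (SECRET_NAME_RE.test(name)) {
      findings.push({ name, reason: "name suggests a server-only credential" });
    }
  }
  return findings;
}

// Throws with variable names only; secret values are never printed.
function assertNoExposedSecrets(env) {
  const findings = findExposedAdminSecrets(env);
  if (findings.length > 0) {
    const detail = findings.map((f) => `${f.name} (${f.reason})`).join(", ");
    throw new Error(`Server-only credentials exposed to the client: ${detail}`);
  }
}

// Constructed sample environment; all values are placeholders.
const sampleEnv = {
  NEXT_PUBLIC_STOREFRONT_TOKEN: "0123456789abcdef0123456789abcdef", // public, fine
  NEXT_PUBLIC_SHOPIFY_TOKEN: "shpat_" + "0".repeat(32), // Admin token, exposed
  NEXT_PUBLIC_ADMIN_API_KEY: "placeholder", // suspicious name, exposed
  SHOPIFY_ADMIN_TOKEN: "shpat_" + "1".repeat(32), // server-only, fine
};

console.log(findExposedAdminSecrets(sampleEnv));
```

Calling `assertNoExposedSecrets(process.env)` from a prebuild script stops the build before a bundle containing the token is produced.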


Customer Account API

The Customer Account API is Shopify’s newer API dedicated to everything related to customer authentication and account management, especially in headless setups. With the Customer Account API, authentication is handled using OAuth2, and users can log in without passwords by using one-time codes.

Common use cases for Customer Account API:

  • Signing up or logging in customers in a passwordless flow
  • Retrieving and updating customer profile information
  • Displaying a customer’s order history and addresses
  • Managing customer metafields for personalized experiences

Access information:

  • Authentication is managed via OAuth2 flows and session cookies
  • Most of the authentication logic is offloaded to Shopify, which simplifies implementation and increases security

Shopify intentionally made this API separate from the Storefront and Admin APIs to improve privacy and comply with data protection standards. You specifically request only the information your application needs.

Typical workflow:

  1. Customer registers or logs in using a code sent by email
  2. Shopify returns a session token, which I store in a browser cookie
  3. Use this session to access customer profile or display order history
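
When the session token from step 2 lives in a cookie, the cookie attributes decide whether page scripts or cross-site requests can reach it. The following is an added example, not code from the original article: it serializes the cookie with restrictive attributes and audits an existing `Set-Cookie` header for missing ones; the cookie name `customer_session` and both function names are hypothetical.

```javascript
// Added example: issue the session cookie with restrictive attributes and
// audit a Set-Cookie header for the ones that protect a session token.
function serializeSessionCookie(name, token, maxAgeSeconds) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error("invalid cookie name");
  return [
    `${name}=${encodeURIComponent(token)}`,
    "Path=/",
    `Max-Age=${Math.floor(maxAgeSeconds)}`,
    "HttpOnly", // not readable from document.cookie
    "Secure", // only sent over HTTPS
    "SameSite=Lax", // not attached to cross-site subrequests
  ].join("; ");
}

function auditSetCookie(header) {
  // Everything after the first ";" is an attribute; names are case-insensitive.
  const attrs = header.split(";").slice(1).map((a) => a.trim().toLowerCase());
  const issues = [];
  if (!attrs.includes("httponly")) {
    issues.push("missing HttpOnly: token is readable by page scripts");
  }
  if (!attrs.includes("secure")) {
    issues.push("missing Secure: token may be sent over plain HTTP");
  }
  const sameSite = attrs.find((a) => a.startsWith("samesite="));
  if (!sameSite) {
    issues.push("missing SameSite: behaviour is left to browser defaults");
  } else if (sameSite === "samesite=none") {
    issues.push("SameSite=None: cookie is sent on cross-site requests");
  }
  return issues;
}

// Constructed samples: a hardened cookie and a weak one.
const hardened = serializeSessionCookie("customer_session", "tok.en/+=", 3600);
const weak = "customer_session=abc; Path=/";

console.log(hardened, auditSetCookie(hardened));
console.log(weak, auditSetCookie(weak));
```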

Quick Reference Table

| API | Main Use | Access Type | Used In |
| --- | --- | --- | --- |
| Storefront API | Product data, cart, checkout | Public/token | Frontend |
| Admin API | Store management, configuration | Private/key | Server |
| Customer Account API | Authentication, customer information | OAuth2/session | Frontend/server |

Why This Structure?

Separating these APIs provides security, clarity, and efficiency. Each API has a specific purpose. Storefront API is for customer-side data, Admin API is for private store management, and the Customer Account API focuses on secure customer accounts and privacy.


What’s Next

In upcoming articles, I will go deeper into each API. I plan to show setup instructions, practical code examples, and common patterns for integrating these APIs into different frameworks. If you need a specific guide or have any questions, let me know. This overview should help you start planning or building your headless Shopify project with the right tools from the beginning.

Thanks,

Matija
