Shopify MCP Manager
Provides over 30 tools for fully managing a Shopify store, including products, orders, customers, inventory, discounts, analytics, and shop configuration via the Shopify Admin GraphQL API.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Shopify MCP Managerlist my top 5 best-selling products"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Shopify MCP Manager
An MCP (Model Context Protocol) server for fully managing a Shopify store through AI assistants like Cursor or Claude Desktop.
Architecture
┌─────────────────┐ stdio ┌──────────────────┐ GraphQL ┌──────────────┐
│ Cursor / Claude │◄──────────────►│ MCP Server │◄────────────►│ Shopify API │
│ (MCP Client) │ │ (Node.js) │ │ Admin API │
└─────────────────┘ └──────────────────┘ └──────────────┘
│
▼
┌──────────────────┐
│ token-store.json │
│ (Access Token) │
└──────────────────┘OAuth Flow
┌──────────┐ 1. /auth/start ┌──────────────────┐
│ Browser │◄────────────────────►│ OAuth Server │
│ │ │ (localhost:3847) │
└─────┬─────┘ └──────────────────┘
│ ▲
│ 2. Redirect to Shopify │ 5. Save token
▼ │
┌──────────────┐ 3. Authorize ┌──────────────────────────────┐
│ Shopify │───────────────►│ Cloudflare Worker │
│ Grant Screen│ 4. Callback │ (your-oauth-callback. │
└──────────────┘ + Auth Code │ workers.dev) │
│ │ │
│ Redirect to localhost:3847 │
│ /callback │
└──────────────────────────────┘Related MCP server: shopify-graphql-mcp
Prerequisites
Node.js >= 18
A Shopify App (created in the Dev Dashboard)
A Cloudflare Worker for URL redirect (OAuth callback)
Quick Start
1. Install dependencies
npm install2. Configuration
Copy .env.example to .env and fill in your values:
cp .env.example .envRequired values from the Shopify Dev Dashboard:
SHOPIFY_API_KEY → Client ID of your app
SHOPIFY_API_SECRET → Client Secret of your app
SHOPIFY_DOMAIN → Your myshopify.com domain
SHOPIFY_REDIRECT_URL → Your Cloudflare Worker callback URL
3. Configure Shopify App
In the Shopify Dev Dashboard under your app:
Set App URL to your Cloudflare Worker domain (e.g.
https://your-oauth-callback.workers.dev)Add Allowed redirection URLs:
https://your-oauth-callback.workers.dev/callback
4. Configure Cloudflare Worker
Your Cloudflare Worker must redirect OAuth callbacks from Shopify to your local server.
Example Worker:
export default {
async fetch(request: Request): Promise<Response> {
const url = new URL(request.url);
// OAuth callback from Shopify → Redirect to local server
if (url.pathname === "/callback") {
const localUrl = `http://localhost:3847/callback${url.search}`;
return Response.redirect(localUrl, 302);
}
// App URL request from Shopify → Redirect to local server
if (url.searchParams.has("shop")) {
const localUrl = `http://localhost:3847${url.pathname}${url.search}`;
return Response.redirect(localUrl, 302);
}
return new Response("Shopify OAuth Endpoint active.", { status: 200 });
},
};5. Run OAuth
npm run oauthThis starts a local server and opens the browser. Log in to Shopify and grant the permissions. The access token is automatically saved to token-store.json.
6. Configure MCP Server in Cursor
Add the following to your Cursor configuration (~/.cursor/mcp.json):
{
"mcpServers": {
"shopify-manager": {
"command": "node",
"args": ["/ABSOLUTE/PATH/TO/src/mcp-server.js"],
"env": {
"SHOPIFY_DOMAIN": "your-store.myshopify.com",
"SHOPIFY_API_VERSION": "2026-01"
}
}
}
}Available Tools (30+)
Shop Management
Tool | Description |
| Shop basics (name, domain, plan, currency) |
| Configured languages |
| Privacy, terms of service, refund policies |
| Shipping destinations |
Products
Tool | Description |
| List products with filtering & pagination |
| Product details with variants & images |
| Create a new product |
| Update a product |
| Delete a product |
| List collections |
Orders
Tool | Description |
| List orders with filtering |
| Order details |
| Update an order |
| Cancel an order |
| Create a draft order |
Customers
Tool | Description |
| List customers |
| Customer details |
| Create a new customer |
| Update a customer |
| Delete a customer |
Inventory
Tool | Description |
| List locations |
| Show inventory levels |
| Adjust inventory |
| Full product inventory |
Discounts
Tool | Description |
| List discount codes |
| Create a discount code |
| List automatic discounts |
Analytics
Tool | Description |
| Count orders |
| Count products |
| Count customers |
| Dashboard overview |
| Run arbitrary GraphQL queries |
OAuth Flow Details
The OAuth 2.0 Authorization Code Grant flow works as follows:
Initiation: User starts the OAuth flow via
http://localhost:3847/auth/startRedirect to Shopify: The app redirects the user to Shopify's authorization page with:
client_id(App API Key)scope(requested permissions)redirect_uri(Cloudflare Worker URL)state(nonce for CSRF protection)
User authorizes: The store owner grants the requested permissions
Callback: Shopify sends an authorization code to the redirect_uri
Cloudflare Worker: Redirects the callback to the local OAuth server
Security checks:
HMAC verification (message authenticity from Shopify)
State/nonce comparison (CSRF protection)
Shop domain validation
Token exchange: The authorization code is exchanged for an access token via
POST https://{shop}/admin/oauth/access_tokenPersistence: The token is saved to
token-store.json
Security Notes
Never commit
token-store.jsonor.env(both are in.gitignore)The
SHOPIFY_API_SECRETis confidentialAccess tokens have the permissions of the configured scopes
If you suspect token compromise: rotate the token via the Shopify Dev Dashboard
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/elsi06/shopify-mcp-manager'
If you have feedback or need assistance with the MCP directory API, please join our Discord server