Which integrations are available for this server?

Provides tools for managing Shopify products, orders, inventory, and discounts via the Admin GraphQL API, with support for preview before writing.

How do I use shopify-mcp?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@shopify-mcp search for products containing 'winter'" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

shopify-mcp

by Jad-Assaf

Overview Schema Related Servers Score Discussions

JavaScript

Remote

shopify-mcp-cloud-run

Production-ready Shopify Admin MCP server for Google Cloud Run. It exposes an authenticated MCP endpoint at /mcp and safe Shopify Admin GraphQL tools for products, orders, inventory, discounts, and service health.

Security model

Every /mcp request must include Authorization: Bearer <MCP_API_KEY>.
Origin is validated when present. Set MCP_ALLOWED_ORIGINS to a comma-separated list for browser clients.
Shopify credentials are read only from environment variables and are never logged.
Write tools never write by default. They return a JSON preview unless confirm=true.
Confirmed writes still require ALLOW_WRITE_TOOLS=true.
Destructive actions such as deleting customers/products, refunding orders, or canceling orders are intentionally not implemented.

Related MCP server: Shopify MCP Server

Shopify custom app setup

In Shopify Admin, go to Settings > Apps and sales channels > Develop apps.
Create a custom app for this MCP server.
Configure Admin API scopes:
- read_products
- write_products
- read_orders
- read_inventory
- write_inventory
- read_discounts
- write_discounts
- read_locations
Install the app and copy the Admin API access token.
Store the token in Google Secret Manager or your local .env file.

Environment variables

Copy .env.example to .env for local development:

cp .env.example .env

Required values:

SHOPIFY_SHOP_DOMAIN=your-store.myshopify.com
SHOPIFY_ADMIN_ACCESS_TOKEN=replace-with-shopify-admin-api-token
SHOPIFY_API_VERSION=2026-04
MCP_API_KEY=some-secret-key
ALLOW_WRITE_TOOLS=false

Optional values:

MCP_ALLOWED_ORIGINS=https://your-client.example.com
SHOPIFY_REQUEST_TIMEOUT_MS=20000
SHOPIFY_MAX_RETRIES=2

Keep ALLOW_WRITE_TOOLS=false unless you intentionally want this MCP server to edit Shopify data.

Run locally

npm install
npm run dev

The service listens on 0.0.0.0 using process.env.PORT, defaulting to 8080.

Test health:

curl http://localhost:8080/health

Test MCP initialization:

curl http://localhost:8080/mcp \
  -H "Authorization: Bearer $MCP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"curl","version":"1.0.0"}}}'

List tools:

curl http://localhost:8080/mcp \
  -H "Authorization: Bearer $MCP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}'

Preview vs confirm

All write tools support preview mode. For example, this returns the proposed change without writing to Shopify:

{
  "productId": "gid://shopify/Product/123",
  "seoTitle": "New SEO title",
  "seoDescription": "New SEO description",
  "confirm": false
}

To write, both conditions are required:

Set ALLOW_WRITE_TOOLS=true in the service environment.
Pass "confirm": true to the tool call.

If either condition is missing, the server does not write.

For update_inventory_quantity, a confirmed write first reads the current available quantity at the given location and sends it as Shopify's compare value with an idempotency key. If inventory changed between preview and confirm, Shopify returns a user error instead of silently overwriting the new value.

Cloud Run deployment

Enable required Google APIs:

gcloud services enable run.googleapis.com secretmanager.googleapis.com cloudbuild.googleapis.com

Create Secret Manager secrets:

printf "replace-with-shopify-admin-api-token" | gcloud secrets create shopify-admin-token --data-file=-
printf "some-secret-key" | gcloud secrets create mcp-api-key --data-file=-

Deploy to Cloud Run:

gcloud run deploy shopify-mcp-cloud-run \
  --source . \
  --region me-west1 \
  --allow-unauthenticated \
  --set-env-vars SHOPIFY_SHOP_DOMAIN=your-store.myshopify.com,SHOPIFY_API_VERSION=2026-04,ALLOW_WRITE_TOOLS=false \
  --set-secrets SHOPIFY_ADMIN_ACCESS_TOKEN=shopify-admin-token:latest,MCP_API_KEY=mcp-api-key:latest

Cloud Run is marked --allow-unauthenticated so MCP clients can reach the service, but the /mcp endpoint still requires the bearer token.

MCP tools

health_check
search_products
get_product
update_product_seo
update_product_description
update_product_tags
update_product_metafields
get_orders
get_inventory_by_sku
update_inventory_quantity
create_discount_code

This server cannot be installed

license - not found

quality - not tested

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

–Release cycle

–Releases (12mo)

Commit activity

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Jad-Assaf/shopify-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server