Shopify

Name: QuantaSeal
Brand: QuantaSeal
Price: 69 AUD

E-commerce

system_type: "shopify"

Proxy Shopify Admin REST API calls for orders, customers, and products with PQC encryption.

Overview#

The Shopify connector proxies Shopify Admin API calls. Private app credentials or custom app API tokens are sealed in QuantaVault. Supports order management, customer data, product catalog, and inventory operations.

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Prerequisites#

1A Shopify store with a Custom App or Private App
2Admin API access token from the app settings
3Your shop domain (e.g. mystore.myshopify.com)

Configuration#

Follow these steps to connect Shopify to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1
In Shopify Admin, go to Apps → Develop apps → Create an app.
2
Configure Admin API scopes: read_orders, write_orders, read_customers.
3
Install the app and copy the Admin API access token.
4
Seal: POST /api/v2/vault/seal with credential_type: api_key.
5
Create integration with system_type: shopify, config: {shop_domain: 'mystore.myshopify.com'}.

Authentication Types#

Seal the Shopify Admin API access token as api_key. The shop domain is stored in integration config.

API Key

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Operation	Description
`get_order`	Retrieve a Shopify order by ID.
`list_orders`	List orders with status and date filters.
`get_customer`	Retrieve a customer record.
`list_products`	List products in the catalog.
`update_inventory`	Update inventory levels.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

bashCopy

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"integration_id":"int_SHOP001","operation":"list_orders","payload":{"status":"paid","limit":50,"created_at_min":"2026-01-01T00:00:00Z"}}'

Decrypt the response using the QuantaSeal SDK: client.encryption.decrypt(envelope). Both the ML-DSA-65 signature and the HMAC-SHA-512 signature must pass - QuantaSeal uses a bitwise & check, not short-circuit and.

Troubleshooting#

401 - [API] Invalid API key or access token

Shopify API tokens are tied to the app installation. If the app was reinstalled or the token was reset, rotate the vault credential.

Still stuck? Check the Security Events page in the Admin Console for detailed proxy error logs, or open a support ticket at quantaseal.io/support.

All Connectors API Reference