shopify-mcp-server
by bcsgarcia
Overview
A middleware HTTP API designed to simplify, build, and execute Shopify GraphQL search queries for automation tools.
Installation
docker run -p 3000:3000 --env-file .env shopify-mcp-serverEnvironment Variables
- PORT
- SHOPIFY_STORE_URL
- SHOPIFY_ACCESS_TOKEN
- SHOPIFY_API_VERSION
- MCP_API_KEY
Security Notes
Authentication middleware is explicitly disabled if the `MCP_API_KEY` environment variable is not set, leading to unauthenticated access to all endpoints. This is a critical vulnerability. The query builder uses direct string concatenation to construct Shopify's search query parameters, which, while relying on Shopify's internal sanitization for search input, could potentially be vulnerable to unexpected query behavior or injection if specific malicious patterns are not fully neutralized. The `/api/execute-query` endpoint allows executing arbitrary GraphQL queries, making it a powerful endpoint that requires robust protection by the API key.
Similar Servers
saleor-mcp
Provides a Python-based GraphQL API server, likely serving as a backend microservice or API for a Saleor e-commerce ecosystem.
mcp-for-woocommerce
Connects WordPress and WooCommerce to AI systems via Model Context Protocol, enabling AI agents to query and manage e-commerce data (products, orders, categories, shipping, payments, taxes) and content (posts, pages).
mcp-graphql-forge
A modular MCP server that converts GraphQL API endpoints into discoverable and configurable tools for agents.
graphql-mcp-bridge
Facilitates seamless integration between GraphQL APIs and Model Context Protocol (MCP) compatible AI systems by converting GraphQL schemas into type-safe, validated MCP tools.