Shopify Admin API
The Shopify Admin API is the GraphQL + REST interface that authenticated apps use to read and modify shop data — products, orders, customers, themes, metafields. AccessComply's fix pipeline uses the `themeFilesUpsert` GraphQL mutation to write source-code accessibility fixes directly into theme files.
Detailed explanation
The Admin API has two surfaces: a GraphQL endpoint at `/admin/api/{version}/graphql.json` and a legacy REST surface. Modern Shopify apps use GraphQL exclusively — it is rate-limited by query cost (1,000 cost points per minute per shop) rather than per-request.
For accessibility tooling specifically, the relevant mutations are: `themeFilesUpsert` (write/replace theme files in batches up to 50), `productImageUpdate` / `productMediaUpdate` (set alt text), and `metafieldsSet` (store fix-history audit-log records).
Apps must declare specific OAuth scopes to access these mutations. AccessComply requires `read_themes`, `write_themes` (approved by Shopify in Feb 2026), `read_products`, `write_products` (for alt-text fixes), and the standard `read_locales` for storefront locale detection.
How this applies to Shopify stores
Source-code accessibility fixes only happen via the Admin API's theme mutations — overlay apps inject runtime JavaScript and never call Admin API mutations. The presence of `write_themes` scope in an app's required-scope list is a fast signal of whether the app actually modifies your theme.
Primary source: shopify.dev