Setting up the Openflow Connector for Shopify

Note

This connector is subject to the Snowflake Connector Terms.

This topic describes the steps to set up the Openflow Connector for Shopify.

Prerequisites

  1. Review About the Openflow Connector for Shopify.

  2. Set up your runtime deployment.

  3. If you are using Openflow - Snowflake Deployments, ensure that you have reviewed the required domain configuration and have granted access to the domains required by the connector.

  4. Ensure you have access to the Openflow admin role or a similar role you use to manage Openflow.

  5. If you’re creating a Snowflake service user to manage the connector, set up key pair authentication. For more information, see key pair authentication.

Required endpoints

The following endpoint is required for the connector to function:

  • <your_store>.myshopify.com:443 (for example, mystore.myshopify.com:443)

If you are using Openflow - BYOC Deployments, configure your cloud network egress to allow HTTPS (port 443) access to this endpoint. If you are using Openflow - Snowflake Deployments, you must create a network rule and an external access integration (EAI). For more information, see Create a network rule (Openflow - Snowflake Deployments only).

Set up Shopify

A Shopify store administrator must create a custom app and generate an Admin API access token for the connector to authenticate.

  1. Log in to your Shopify admin at https://admin.shopify.com/store/<your_store>.

  2. Navigate to Settings » Apps » Develop apps.

  3. Select Create an app. Provide an app name and select a developer.

  4. On the Configuration tab, select Configure Admin API scopes.

  5. Select the read_* scopes corresponding to the object types you want to replicate. For example:

    • read_orders: orders, transactions, fulfillments (access limited to the last 60 days by default; request the read_all_orders scope in the Partner Dashboard to access the full order history)
    • read_products: products, product variants, collections
    • read_customers: customers, segments
    • read_inventory: inventory items, locations
    • read_merchant_managed_fulfillment_orders: fulfillment orders

    For the full list of available scopes, see the Shopify access scopes reference.

    Note

    Grant only the scopes required for the objects you intend to replicate. You can update scopes later by editing the app configuration.

    Some GraphQL fields require write scopes to read (for example, marketingUnsubscribeUrl on the Customer object requires write_customers). If you don’t grant the corresponding write scope, the Shopify API returns an error for that field. To avoid this, either omit the field from the graphqlFields list in the Object Definitions Override parameter, or add it to ignoredFields. Note that ignoredFields works on top-level field names only. For nested fields, you must remove them from the graphqlFields sub-selection.

  6. Select Save.

  7. Go to the API credentials tab and select Install app. Confirm the installation.

  8. Copy the Admin API access token and store it in a secure location. You need this token when configuring the connector.

Warning

The access token is displayed only once. If you lose it, you must uninstall and reinstall the app to generate a new token.

For more information, see Generate access tokens for custom apps in the Shopify developer documentation.

Set up your Snowflake account

As an Openflow administrator, perform the following tasks to set up your Snowflake account.

Create a Snowflake service user (Openflow - BYOC Deployments only)

Note

This step is only required if you are deploying the connector in Openflow - BYOC Deployments. It isn’t needed for Openflow - Snowflake Deployments.

  1. Create a service user:

    USE ROLE USERADMIN;
CREATE USER <openflow_service_user>
  TYPE=SERVICE
  COMMENT='Service user for the Shopify connector';

  2. Store the private key for that user in a file to supply to the connector’s configuration. For more information, see key pair authentication.

    ALTER USER <openflow_service_user> SET RSA_PUBLIC_KEY = '<pubkey>';

Create database, schema, and warehouse

  1. Create the destination database:

    USE ROLE ACCOUNTADMIN;
CREATE DATABASE IF NOT EXISTS <shopify_database>;

  2. Create the destination schema:

    CREATE SCHEMA IF NOT EXISTS <shopify_database>.<shopify_schema>;

  3. Create a role for the connector and grant the required privileges:

    CREATE ROLE IF NOT EXISTS <shopify_connector_role>;

GRANT USAGE ON DATABASE <shopify_database> TO ROLE <shopify_connector_role>;
GRANT USAGE ON SCHEMA <shopify_database>.<shopify_schema> TO ROLE <shopify_connector_role>;
GRANT CREATE TABLE ON SCHEMA <shopify_database>.<shopify_schema> TO ROLE <shopify_connector_role>;

  4. Create a warehouse (or use an existing one) and grant usage privileges:

    CREATE WAREHOUSE IF NOT EXISTS <shopify_warehouse>
  WITH
  WAREHOUSE_SIZE = 'SMALL'
  AUTO_SUSPEND = 300
  AUTO_RESUME = TRUE;

GRANT USAGE, OPERATE ON WAREHOUSE <shopify_warehouse> TO ROLE <shopify_connector_role>;

  5. If using Openflow - BYOC Deployments, assign the role to the service user:

    GRANT ROLE <shopify_connector_role> TO USER <openflow_service_user>;
ALTER USER <openflow_service_user> SET DEFAULT_ROLE = <shopify_connector_role>;

Create a network rule (Openflow - Snowflake Deployments only)

Note

If your runtime executes in Openflow - BYOC Deployments, you don’t need to create an External Access Integration (EAI). Instead, configure your cloud network egress to allow HTTPS (port 443) access to your Shopify store domain.

To allow the connector to call the Shopify API from a Snowflake-hosted runtime, create a network rule and an external access integration (EAI), and then grant the Snowflake role usage privileges on the EAI.

  1. Create a network rule:

    USE ROLE ACCOUNTADMIN;

CREATE OR REPLACE NETWORK RULE openflow_<runtime_name>_shopify_network_rule
  TYPE = HOST_PORT
  MODE = EGRESS
  VALUE_LIST = ('<your_store>.myshopify.com:443');

  2. Create an External Access Integration:

    CREATE OR REPLACE EXTERNAL ACCESS INTEGRATION openflow_<runtime_name>_shopify_eai
  ALLOWED_NETWORK_RULES = (openflow_<runtime_name>_shopify_network_rule)
  ENABLED = TRUE;

  3. Grant your Snowflake role USAGE on the integration:

    GRANT USAGE ON INTEGRATION openflow_<runtime_name>_shopify_eai
  TO ROLE openflow_runtime_role_<runtime_name>;

Install the connector

To install the connector, do the following as a data engineer:

  1. Navigate to the Openflow overview page. In the Featured connectors section, select View more connectors.

  2. On the Openflow connectors page, find the connector and select Add to runtime.

  3. In the Select runtime dialog, select your runtime from the Available runtimes drop-down list and click Add.

    Note

    Before you install the connector, ensure that you have created a database and schema in Snowflake for the connector to store ingested data.

  4. Authenticate to the deployment with your Snowflake account credentials and select Allow when prompted to allow the runtime application to access your Snowflake account. The connector installation process takes a few minutes to complete.

  5. Authenticate to the runtime with your Snowflake account credentials.

The Openflow canvas appears with the connector process group added to it.

Configure the connector

To configure the connector, perform the following steps:

  1. Right-click on the added connector process group and select Parameters.
  2. Populate the required parameter values as described in the following sections.

Shopify parameters

ParameterDescription
Shop Domain

The myshopify.com domain for your store.

Example: mystore.myshopify.com

Access TokenThe Admin API access token generated from the custom app in your Shopify store. Stored securely as a sensitive parameter.
Shopify API Version

The Shopify Admin API version to use for requests.

Default: 2026-04

Objects to Sync

Comma-separated or newline-separated list of Shopify object types to replicate. Case-insensitive. Each value must correspond to a query endpoint in the Shopify Admin GraphQL API (for example, orders corresponds to the orders query, products to the products query). Types not found in the built-in catalog are skipped unless a custom definition is provided through the Object Definitions Override parameter or Enable Introspection is true.

Default: orders,products,customers,productVariants,inventoryItems,collections

Objects to Track for Deletes

Comma-separated or newline-separated list of Shopify object types to monitor for deletions through the Events API. Each type is polled independently. Types not found in the registry are skipped. Leave empty to disable delete tracking entirely.

Example: products, customers, collections

Sync Schedule

How frequently the connector polls Shopify for new or updated data. Uses NiFi scheduling syntax.

Example: 15 min

Deletes Schedule

How frequently the connector polls the Shopify Events API for deletion events. Uses NiFi scheduling syntax. Set this to a longer interval than the sync schedule to reduce API cost.

Example: 30 min

Object Definitions Override

Optional JSON array to add new object definitions or override existing ones in the built-in catalog. Each element fully replaces the catalog entry for that apiType. Use this parameter to customize which fields are extracted, define promoted columns, or register custom object types.

For more information, see Object definition overrides.

Enable Introspection

When true, unknown object types are auto-discovered by querying the Shopify Admin GraphQL introspection endpoint. Discovered definitions are cached for 24 hours.

Default: false

Ignore Deprecated Fields

When true, deprecated GraphQL fields are excluded from introspection-generated queries. Only applicable when Enable Introspection is true.

Default: true

Snowflake destination parameters

ParameterDescription
Snowflake Authentication Strategy

Authentication strategy for the connector to connect to Snowflake.

  • SNOWFLAKE_MANAGED (default): Uses the Snowflake-managed token associated with the specified Snowflake runtime role. Snowflake recommends this option for both Openflow - Snowflake Deployments and Openflow - BYOC Deployments.
  • KEY_PAIR: Uses a user-provided RSA key pair. Available only on Openflow - BYOC Deployments, for cross-account scenarios.
Snowflake Account Identifier

Snowflake account identifier, formatted as <organization>-<account>. Required when the authentication strategy is KEY_PAIR.

Example: MYORG-MYACCOUNT

Snowflake UsernameThe Snowflake user for authentication. Required when the authentication strategy is KEY_PAIR.
Snowflake Private Key

PEM-encoded private key content (PKCS8 format) for Snowflake key pair authentication. Required when the authentication strategy is KEY_PAIR. Stored securely as a sensitive parameter.

Either this parameter or Snowflake Private Key File must be defined.

Snowflake Private Key File

Alternative to Snowflake Private Key. Upload the private key file by selecting the Reference asset checkbox, uploading the file as an asset, and selecting the asset as the value for the parameter.

Either this parameter or Snowflake Private Key must be defined.

Snowflake Private Key PasswordPassword to decrypt the Snowflake private key, if the key is encrypted. Only applicable when the authentication strategy is KEY_PAIR.
Snowflake RoleThe Snowflake role used for table creation, data ingestion, and access verification.
Destination DatabaseName of the destination database in Snowflake. The database must already exist before starting the connector.
Destination SchemaName of the destination schema in Snowflake. The schema must already exist before starting the connector.
Snowflake WarehouseThe Snowflake warehouse used for table management operations such as CREATE TABLE and MERGE.

Run the flow

  1. Right-click on an empty area of the canvas and select Enable all Controller Services.
  2. Right-click on the connector process group and select Start.

The connector starts querying the Shopify Admin API and loading data into Snowflake.

Next steps