API Access
Weaverse provides two APIs for accessing your store and content data from external applications:| API | Type | Purpose |
|---|---|---|
| Content API | Read-only REST | Pages, theme settings, translations, languages |
| Admin API Proxy | Shopify GraphQL passthrough | Products, orders, metaobjects, themes |
Authentication
Both APIs share the same token system. Generate tokens from Dashboard → Settings in the Weaverse Studio. Pass your token via theAuthorization header:
Content API
The Content API is a read-only REST API for accessing Weaverse-managed content:- Pages — retrieve page content and section data
- Theme settings — read global theme configuration
- Languages — list available translations
- Projects — enumerate projects for the shop
Admin API Proxy
The Admin API Proxy forwards Shopify Admin GraphQL queries through Weaverse, so you don’t need to manage Shopify credentials directly:- Products & collections — query catalog data
- Metaobjects — read custom data structures
- Themes & files — access theme assets and uploaded files
- Orders & customers — available with optional scopes
Best Practices
- One token per integration — if a token is compromised, revoke it without disrupting other integrations
- Use descriptive names — label tokens by integration (e.g., “Mobile App - Production”, “CMS Sync”) for easy identification
- Monitor
lastAccess— review token activity in Dashboard → Settings to detect stale or unauthorized usage - Principle of least privilege — for Admin API Proxy, only enable the scopes your integration actually needs
- Keep tokens server-side — never embed API tokens in client-side JavaScript or mobile app bundles