Shopify API Monitoring
Guardrly includes 50 semantic rules for the Shopify Admin API, covering 10 operation categories.
Monitored Operations
Products
- Delete product → Risk Level 3
- Update product price or inventory → Risk Level 2
- Create product → Risk Level 1
Orders
- Delete order → Risk Level 3
- Issue refund → Risk Level 2
- Cancel order → Risk Level 2
- Create fulfillment → Risk Level 1
Inventory
- Adjust inventory levels → Risk Level 2
- Set inventory → Risk Level 2
- Connect inventory location → Risk Level 1
Webhooks
All webhook operations are Risk Level 3 (data exfiltration risk):
- Create webhook
- Delete webhook
- Update webhook
Shop Settings
All shop setting modifications are Risk Level 3:
- Update shop details
- Modify shipping zones
- Change store policies
Customers
- Delete customer → Risk Level 3
- Update customer data → Risk Level 2
- Create customer → Risk Level 1
Alert Thresholds
Guardrly fires alerts for Shopify operations when:
- 3 consecutive DELETE operations (any resource)
- 3 consecutive 403 Forbidden responses
- 2 consecutive 429 Rate Limited responses
- More than 50 requests in 5 minutes
Setup
No configuration required. Guardrly automatically detects Shopify API calls by hostname (*.myshopify.com).