← All Shopify articles
20 min quiz

45 Shopify Backend Developer Interview Questions — The Interactive Quiz

A backend developer at a laptop preparing for a Shopify app technical interview.
Forty-five Shopify backend questions, four choices each, scored live. Find out whether you would survive a real app codebase — or just the docs.

Most Shopify backend interview lists stop at "what is OAuth" and "name three webhook topics". You can pass that and still ship an app that gets throttled into the ground, double-processes every event, and fails App Store review.

So this one is different. Forty-five questions, four answer choices each, click to score. It is aimed at app / backend developers — the GraphQL Admin API and cost-based throttling, webhooks done right (HMAC, idempotency, reconciliation), metafields and metaobjects, Shopify Functions and checkout extensibility, OAuth and security, and scaling. Each question is labeled Junior Mid Senior so you can see where the bar is. Click an option, see whether you got it right, read the short explanation, move on. Your score updates live, with a breakdown by topic at the end.

Whether you are prepping for the chair or sitting on the other side of it, the goal is the same — find the gap between people who can run a Shopify app in production and people who can recite the docs.

Answered 0 / 45·Score 0 / 0

A. Apps & architecture

The foundation. If a candidate can’t place where an app runs and how it talks to Shopify, the rest won’t hold up.

Question 1Junior
Which API does a backend app use to read and write a store’s data (products, orders, customers)?
Question 2Junior
What is an “embedded” Shopify app?
Question 3Mid
What does Shopify App Bridge provide?
Question 4Mid
How does an app charge a merchant a monthly subscription?
Question 5Junior
What is the Shopify CLI primarily used for?
Question 6Senior
Where should an embedded app keep the offline access token it gets after OAuth?
Question 7Mid
What is the difference between a public app and a custom app?
Question 8Senior
Which Shopify-maintained library would you reach for to build a Node app?

B. Admin API — GraphQL, REST & rate limits

The day-to-day. Cost-based throttling and bulk operations separate people who built a demo from people who ran an app at scale.

Question 9Junior
Which Admin API does Shopify recommend for new apps?
Question 10Mid
How is the GraphQL Admin API rate limited?
Question 11Mid
How is the REST Admin API rate limited (standard plan)?
Question 12Senior
You need to export 500,000 orders. What do you use?
Question 13Mid
How do you paginate results in the GraphQL Admin API?
Question 14Senior
A GraphQL mutation returns HTTP 200 but nothing changed. The most likely reason?
Question 15Senior
Where do you see how much GraphQL cost you have left after a call?
Question 16Mid
What does the X-Shopify-Shop-Api-Call-Limit header on a REST response tell you?

C. Webhooks & events

Where naïve integrations break in production — missed events, replays, and unverified payloads.

Question 17Junior
What are webhooks for?
Question 18Mid
How do you verify a webhook actually came from Shopify?
Question 19Senior
Which webhooks are mandatory for any app distributed on the App Store?
Question 20Senior
Why must webhook handlers be idempotent?
Question 21Mid
What happens if your webhook endpoint keeps returning 500 or timing out?
Question 22Senior
For very high event volume, what delivery method beats HTTPS webhooks?
Question 23Senior
Webhooks can still be missed. How do you keep your data consistent anyway?

D. Data modeling — metafields & metaobjects

How you store custom data without standing up your own database for everything.

Question 24Junior
What are metafields?
Question 25Mid
What does a metafield definition do?
Question 26Senior
What are metaobjects?
Question 27Mid
How do you make a metafield readable by the theme or Storefront API?
Question 28Senior
Which metafield type would you use to link a product to several related products?
Question 29Mid
You need to store app-specific config on each product but don’t want your own DB. Best approach?

E. Functions & checkout extensibility

The modern way to customize checkout and commerce logic. A candidate still reaching for checkout.liquid or Scripts is out of date.

Question 30Junior
What are Shopify Functions?
Question 31Mid
What are Shopify Functions compiled to and run as?
Question 32Senior
What replaced checkout.liquid and the Script Editor for customizing checkout (Plus)?
Question 33Mid
You want a “buy 3, get the cheapest free” promotion the merchant can configure. What do you build?
Question 34Senior
During execution, can a Shopify Function call your external API?
Question 35Mid
How does a Function get per-merchant configuration?
Question 36Senior
Why are Functions a better fit for checkout logic than a post-checkout webhook?

F. Auth & security

OAuth, session tokens, scopes, and customer-data rules. Get these wrong and the app fails review — or leaks data.

Question 37Mid
What is the right shape of the Shopify OAuth grant flow?
Question 38Senior
Session tokens vs access tokens — what authenticates what?
Question 39Mid
What are access scopes?
Question 40Senior
Your app reads customer PII. What approval do you need?
Question 41Mid
On the OAuth callback, how do you confirm the request is legitimate before exchanging the code?

G. Reliability & scale

The senior signal: handling throttling, large jobs, and concurrent writes without losing or duplicating data.

Question 42Senior
How should an app handle GraphQL throttling gracefully?
Question 43Mid
Why prefer a bulk operation over a loop of paginated queries for a large export?
Question 44Senior
A webhook and a scheduled sync both update the same order record around the same time. How do you avoid a bad overwrite?
Question 45Mid
A webhook triggers work that takes 30 seconds. What’s the right pattern?
Live result
0 / 45
0% correct (so far — 0 of 45 answered)
Early days

Shopify’s backend is deeper than the docs make it look. Start with apps and OAuth (A), then the GraphQL Admin API and its rate limits (B), then webhooks done right (C). The rest builds on those three.

By section
A. Apps & architecture
0 / 8
B. Admin API — GraphQL, REST & rate limits
0 / 8
C. Webhooks & events
0 / 7
D. Data modeling — metafields & metaobjects
0 / 6
E. Functions & checkout extensibility
0 / 7
F. Auth & security
0 / 5
G. Reliability & scale
0 / 4

A note on where Shopify backend is heading

The shifts worth probing in 2026: GraphQL-first everywhere (REST is legacy for app development, so a candidate who only knows REST is behind), checkout extensibility (Functions and UI extensions replaced checkout.liquid and Scripts), and Functions as the place for commerce logic — Wasm, deterministic, no network, configured by metafields.

But the fundamentals — OAuth and where tokens live, verifying webhooks and making handlers idempotent, respecting the rate limits, and modeling custom data with metafields and metaobjects — have not changed. The 45 questions above are still the right list.

Related reading

Turn questions into checkout.

WisWes drops into your store and guides shoppers from browsing to buying. 14-day free trial — no card.