Shopify MCP vs WooCommerce MCP: A Developer's Comparison
A deep-dive comparison of the Shopify and WooCommerce MCP connectors — authentication, sync mechanisms, data models, and architecture patterns for agentic commerce.
Executive summary
Side-by-side comparison of the Shopify and WooCommerce MCP connectors in AgenticMCPStores. Covers architecture (Node.js service vs WordPress plugin), authentication (OAuth 2.0 vs HTTP Basic), data fetching (GraphQL vs REST), sync modes (full vs incremental), test coverage, and setup process.
Published
2026-04-06
11 min
Author
AgenticMCPStores Engineering
Core Protocol Team
Category
integration-guide
AgenticMCPStores connects AI agents to e-commerce stores via two primary connectors: Shopify (OAuth 2.0 + GraphQL) and WooCommerce (REST API + WordPress plugin). Both achieve the same goal — letting agents search products, create carts, and process checkouts — but their architectures are fundamentally different. This post compares them head-to-head from a developer's perspective.
Architecture Overview
Authentication
Shopify: OAuth 2.0 with Auto-Refresh
ShopifyTokenStore table with automatic pre-emptive refresh (5 minutes before expiry). Scopes: read_products, read_inventory, write_checkouts. // Token refresh with exponential backoff (shopify-oauth.service.ts)
for (let attempt = 0; attempt < 3; attempt++) {
const delay = 2000 * Math.pow(2, attempt); // 2s, 4s, 8s
const result = await refreshToken(store.refreshToken);
if (result.ok) return result;
await sleep(delay);
}
// Permanent failure (401/403): set needsReauth flagneedsReauth rather than silently failing.WooCommerce: HTTP Basic Auth
WooCommerce uses static Consumer Key + Consumer Secret via HTTP Basic Auth. Credentials are generated in the WordPress admin panel and stored in WordPress options. No token expiry, no refresh mechanism — credentials persist until manually rotated. HTTPS is mandatory in production (WooCommerce API requirement).
Key trade-off: Shopify's OAuth adds complexity (token refresh, reauth flows, encrypted storage) but provides automatic credential rotation and scoped permissions. WooCommerce's static keys are simpler but require manual rotation and grant full API access.
Data Fetching
Shopify: GraphQL Admin API (2024-10)
endCursor, 100 products per page, sorted by UPDATED_AT descending. query {
products(first: 100, after: $cursor, sortKey: UPDATED_AT) {
edges {
node {
id title descriptionHtml handle vendor productType tags status
priceRangeV2 { minVariantPrice { amount currencyCode } }
variants(first: 100) {
edges { node { id title price sku inventoryQuantity availableForSale } }
}
images(first: 20) { edges { node { url altText } } }
}
}
pageInfo { hasNextPage endCursor }
}
}WooCommerce: REST API v3
page + per_page), configurable from 20 to 100 products per page. Product data includes: id, name, sku, price, regular_price, sale_price, stock_status, stock_quantity, description, short_description, categories, images, and permalink. // WooCommerce REST API calls (class-catalog-sync.php)
GET /wp-json/wc/v3/products?page=1&per_page=100
GET /wp-json/wc/v3/products/categories
// Each product includes inline variant data (no separate query)
// Categories require a join between product.categories[] and fetched categoriesSync Mechanisms
This is where the architectures diverge most significantly:
- 1Shopify: Full sync only — cursor pagination through the entire catalog, normalizes each product, persists with a completeness flag. No incremental sync (could use
updatedAtfiltering but not implemented). Webhooks are planned but not yet active. - 2WooCommerce: Full + Incremental — initial full sync in paginated batches (100 products), then real-time updates via WordPress hooks (
on_product_save,on_stock_change,on_product_delete). Changes push to/api/v1/plugin/catalog/syncimmediately.
WooCommerce's incremental sync means the catalog stays fresher with lower API cost. Shopify requires a full re-sync to catch changes — fine for small catalogs, but inefficient for stores with 10,000+ products.
Rate Limiting
Retry-After headers and backs off transparently. WooCommerce implements manual retry logic: 3 attempts with 2-second delays on 429/503 responses. Non-retryable errors (400, 401, 403) fail immediately. Each WooCommerce facilitator request has a configurable timeout (WordPress default ~30s).MCP Tools Integration
search_products, get_product_details, create_cart — so agents use an identical interface regardless of the underlying platform. The key difference is discovery: Shopify has a dedicated search_global_products tool via ShopifyCatalogService that searches across all connected Shopify stores. WooCommerce products are discovered through the standard NLWeb/product search layer after sync.Test Coverage
- 1Shopify: ~1,015 lines of tests across 2 test files. Covers OAuth token exchange, HMAC verification, state validation, callback parsing, onboarding vs reauth flows, token status, and health metrics.
- 2WooCommerce: ~200+ lines of Playwright E2E tests. Covers plugin activation, settings UI, cart REST API, API key validation, billing webhook signatures, and merchant domain enforcement.
Shopify has deeper unit test coverage due to the complexity of OAuth flows. WooCommerce focuses on E2E tests because the WordPress plugin architecture makes unit testing in isolation harder (PHP runtime dependency).
Setup Process
Shopify Setup (3 steps)
- 1Merchant enters shop domain in the AgenticMCPStores dashboard
- 2OAuth redirect → Shopify consent screen → authorize
- 3Token exchange + store creation + auto-sync (automatic)
WooCommerce Setup (5 steps)
- 1Install the AgenticMCPStores plugin from WordPress admin
- 2Generate Consumer Key + Consumer Secret in WooCommerce settings
- 3Enter API key in the plugin settings page
- 4Test connection to verify API access
- 5Trigger initial full sync (incremental updates begin automatically)
Comparison Table
| Aspect | Shopify | WooCommerce |
|---|---|---|
| Architecture | Node.js service in main API | Standalone WordPress plugin |
| Auth | OAuth 2.0 with auto-refresh | Static HTTP Basic Auth |
| Data API | GraphQL (single query) | REST (multiple calls) |
| Pagination | Cursor-based | Offset-based |
| Sync | Full only | Full + Incremental (hooks) |
| Codebase | ~1,630 lines | ~41,000 lines |
| Tests | ~1,015 lines (unit) | ~200 lines (E2E) |
| Rate Limiting | Automatic (API-managed) | Manual retry (3 attempts) |
| Token Storage | Encrypted DB table | WordPress options |
| Setup Steps | 3 (OAuth flow) | 5 (manual plugin install) |
When to Use Which
- 1Choose Shopify if you want the simplest onboarding (3-click OAuth), automatic token management, and GraphQL efficiency. Best for merchants already on Shopify who want zero-maintenance agent connectivity.
- 2Choose WooCommerce if you need real-time incremental sync (no full re-sync lag), run your own WordPress infrastructure, or want full control over the plugin code. Best for self-hosted merchants who value data sovereignty.
Known Limitations
- 1Shopify: Variants capped at 100 per product (GraphQL hardcoded). No incremental sync yet. Webhooks planned but not active. Global product search requires separate Storefront API credentials.
- 2WooCommerce: No auto webhook registration (manual dedup strategy designed but not shipped). Minimum WooCommerce 3.5+. HTTPS mandatory. Cart bridge is large (~9,800 lines) — potential surface area for maintenance.
What's Next
Frequently asked questions
Can I connect both Shopify and WooCommerce stores to AgenticMCPStores?
Yes. Each store connects independently with its own credentials and sync process. AI agents interact with all stores through the same MCP tool interface — they don't need to know which platform backs each store.
Which connector has better real-time sync?
WooCommerce, by a significant margin. Its WordPress hook-based incremental sync pushes changes immediately on product save, stock change, or product deletion. Shopify currently requires a full catalog re-sync to catch updates.
Is the Shopify connector affected by the Shopify API rate limits?
Rate limiting is handled automatically by the Shopify GraphQL API. The SDK respects Retry-After headers and backs off transparently. You don't need to implement custom throttling.
Does the WooCommerce plugin work with any WordPress theme?
Yes. The plugin is theme-independent — it operates through WooCommerce's API layer, not through template overrides. It requires WooCommerce 3.5+ and HTTPS in production.
How do agents know which platform a store uses?
They don't, and they don't need to. Both connectors normalize product data into the same internal format. MCP tools like search_products and create_cart work identically regardless of whether the store runs on Shopify, WooCommerce, or Odoo.
Sources and references
Related articles
developer-guide
Building Agentic Commerce #1: Multi-Protocol Checkout — MCP + x402 + ACP in One Flow
One agent, three protocols, one checkout. Here's how MCP, x402 stablecoin payments, and ACP work together to let AI agents buy products — with code examples you can run today.
integration-guide
Odoo + MCP in 15 Minutes: Connect Your ERP to AI Agents
Connect your Odoo 16, 17, or 18 instance to AI agents in under 15 minutes. One JSON-RPC connector, zero code changes to Odoo. Your products, stock levels, and pricelists become discoverable and purchasable by Claude, GPT, and other AI agents via MCP.
developer-guide
Building Agentic Commerce #2: How AI Agents Discover Your Store Without an API Key
Before an agent can buy anything, it needs to find your store. Here's the 6-phase discovery chain that takes an AI agent from zero knowledge to checkout-ready in under 2 seconds — no pre-configuration required.