Aleta B2B API: a Shopify-Backed Catalog for Swiss Distributors
Symfony middleware, per-client pricing, and a stable REST surface on api.aleta.ch

Context: Aleta, Shopify, and distributors

Aleta Distribution Sàrl is a Swiss distribution company. Its product catalog lives in Shopify: products, variants, media, and inventory are maintained there as the operational system of record.

B2B partners — other distributors and integrators — need reliable programmatic access (reference pricing, stock, logistics locations) without handing every party a Shopify Admin token or forcing each integration team to own raw GraphQL complexity.

d-side solutions designed and operates a public B2B API served at api.aleta.ch, backed by the Shopify store, with published documentation and an onboarding path for API consumers.

The challenge: open the catalog without compromising Shopify

Sharing direct Admin API access with many distributors creates security, governance, and contract problems: each partner negotiates different commercial terms, and Shopify's API surface moves with every version (removed fields or schema changes).

• ✗No shared Admin token — distributing Admin credentials to every integrator multiplies risk and makes rotation painful.
• ✗Catalog price ≠ distributor price — discounts or margins must be applied per account in a deterministic, auditable way.
• ✗GraphQL version drift — a query that worked yesterday can fail after an API version bump when fields disappear from the schema.
• ✗Server operations — repeatable deploys and structured logs to diagnose production.

The solution: Symfony middleware between Shopify and integrators

The Symfony 8 application acts as a gateway: it authenticates B2B calls (Authorization: Bearer … header or an equivalent query parameter), applies the client's pricing rules, queries Shopify through the Admin GraphQL API, and returns documented JSON payloads.

The repository deploys onto d-side infrastructure (git pull, composer install, Symfony cache clear) using a documented Composer-driven deploy script — standardizing releases and reducing environment drift.

Real incident: Shopify errors in production

At one point the catalog endpoint started returning a generic "Shopify upstream" failure. Application logs showed GraphQL errors: fields (weight and weightUnit on ProductVariant) were no longer available on the configured Admin API version. The fix was to align the GraphQL selection set with the supported schema — a reminder that every Shopify integration must track the API version lifecycle.

Key features

Versioned REST surface

Integrators rely on endpoints for health checks, paginated product listings (cursor, SKU, status filters), stock, and locations — all behind the same authentication convention and per-client rate limits.

Per-client pricing

The middleware computes account-specific prices (for example percentage off catalog retail plus complementary rules for direct-delivery scenarios) from Shopify amounts in a centralized, testable way.

Admin console

A password-protected web UI creates and disables clients, adjusts percentages and access scopes, and communicates credentials without ever exposing the Shopify Admin token — each partner receives its own dedicated key (prefix such as b2b_) and must store it like any other secret.

Signed webhooks

A dedicated endpoint accepts Shopify notifications with HMAC signature verification, enabling reliable server-side reactions when catalog or inventory changes originate in Shopify.

Results

• ✓Clear integration contract — REST JSON, explicit errors, documentation co-hosted with the API.
• ✓Shopify remains the system of record — no manual duplicate catalog silo.
• ✓Resilience to API evolution — targeted GraphQL adjustment after a real production incident.
• ✓Repeatable deploys — documented Composer script to update code and dependencies on the server.