GraphQL vs REST in Magento — which should I use?

Use GraphQL for customer-facing storefront work where the client controls the field selection: PWA Studio, Hyvä-headless, custom SPA, mobile apps. Use REST for admin / backend tasks: bulk imports, ERP integrations, third-party connectors, batch operations, anything that runs as a scheduled job. GraphQL's strengths (single round-trip, field selection, schema introspection) are storefront strengths; its weaknesses (one-mutation-per-call, no native batching, request payload overhead) are batch weaknesses. Most production Magento stores run both side by side.

Magento GraphQL performance — is it fast?

Cacheable queries (catalog browse, category, product detail with no customer context) hit Varnish / Fastly and respond in 5 to 50 ms at the edge — comparable to REST or faster, since one GraphQL query replaces 5 to 7 REST round-trips on a typical product page. Uncacheable queries (cart, customer, checkout) execute per-request through PHP-FPM at 100 to 400 ms depending on database size and resolver complexity, similar to REST. The biggest perf wins come from killing the N+1 round-trip pattern that REST forces on storefront UIs, not from raw query speed. Always measure on your own data and your own infra.

Which Magento versions support GraphQL?

GraphQL was introduced in Magento 2.3 (November 2018) and has shipped with every Magento Open Source and Adobe Commerce release since. Coverage has expanded steadily — early versions only supported catalog reads, while 2.4.x covers catalog, cart, checkout, customer, orders, wishlist, B2B (company accounts, requisition lists, negotiable quotes), Page Builder content, and Inventory (MSI). Magento 2.4.6 and later have feature parity with REST for storefront use cases. Magento 2.4.9 (current latest) is the recommended floor for production headless work; older versions may need custom resolvers to fill gaps.

Can I add custom GraphQL schemas?

Yes — extending the GraphQL schema is a first-class pattern. Create etc/schema.graphqls in your custom module declaring new types, queries, or mutations in GraphQL SDL syntax. Implement a Resolver class that implements ResolverInterface. Wire the resolver to the schema field via etc/graphql/di.xml. The aggregated schema is compiled at bin/magento setup:di:compile time, so re-run that after schema changes. For cacheable resolvers, also implement IdentityInterface and return cache tags so Varnish / Fastly can key responses correctly.

How does authorization work for customer-specific queries?

Customer-scoped queries (customer, customerCart, customerOrders, customerDownloadableProducts) require a customer access token sent in the Authorization: Bearer HTTP header. Tokens are issued by the generateCustomerToken(email, password) mutation and have a configurable lifetime (default 1 hour, set in Stores > Configuration > Services > OAuth). Anonymous storefront queries (products, category, cart(cart_id) using a guest mask ID) need no token. Admin-only queries are not exposed via /graphql at all — admin access stays on /rest with an admin token.

Are GraphQL queries cached?

Read queries are cacheable when the resolver opts in. The resolver result must implement IdentityInterface and return cache tags (cat_p_123 for product 123, cat_c_45 for category 45). Magento sets X-Magento-Cache-Id and X-Magento-Vary response headers; Varnish or Fastly then keys the cache on those headers and serves repeat queries from edge memory. When a tagged entity changes, Magento purges the cache by tag automatically. Mutations are uncacheable by definition. Customer-scoped queries and queries with a logged-in session are also uncacheable — they execute per-request through PHP-FPM every time.

Is 5 minutes really enough for a real audit?

For a self-assessment first pass, yes. For a final sign-off audit, no — that’s a 1–3 day paid engagement.Here’s the honest breakdown of what these 50 questions can and cannot do:What 5 minutes covers: the questions a senior Magento operator can answer from memory + a quick admin-panel glance — patch level, 2FA on/off, FPC enabled, indexers in schedule mode, cron running, composer audit last result, sessions on Redis. About 35–45 of the 50 questions fall here.What 5 minutes can’t cover: things requiring code-reading or query-running — how many custom modules use deprecated APIs, whether a quote workflow still validates after the last patch, whether canonical tags are correct on every layered-nav permutation. Skip those, then ask your dev team. About 5–10 of the 50.What this checklist deliberately doesn’t do: custom-module security review, slow-query log analysis, dependency vulnerability deep-scan, ERP integration data-integrity check. Those are the deep-audit territory.So: 5 minutes for the self-assessment, then a paid 1–3 day deep audit ($1.5k–$3k) if your overall grade is C or below, or any single category is at D.

How accurate is this calculator?

The calculator output is a budgeting range, not a quote. The low–high spread (-20% / +50%) intentionally absorbs the things you can’t see from outside your codebase: undocumented customisations, vendor extensions that have gone silent, hidden cron-orchestrated integrations, and the dependency-resolution chaos that only surfaces when you actually run composer update.From my own data on 200+ shipped upgrades:~78% of projects landed inside the calculator’s low–high range without a change order.~17% needed a small change order (median +12%) usually for an extension swap-out the audit caught.~5% needed a substantial replan — almost always when the client had hidden a major customisation from the audit step (rare, but it happens).To turn the calculator output into a hard number, run a paid 1–3 day audit ($1.5k–$3k). Post-audit my fixed quote falls within ±5% of the audit estimate.

How is the 60-extension database curated?

Every entry in the database is something I’ve installed, configured, and shipped on a real client store between 2019 and 2026 — no “found-it-on-the-marketplace” entries, no AI-generated brochure summaries.The shortlist for each of the 12 categories is filtered through five gates:Live install — ran on a paying-client production store for at least 90 days. If I’ve only POC’d it on staging, it doesn’t make the list.Active maintenance — vendor shipped a release in the past 12 months. Silent vendors get cut even if the module is technically excellent.Pricing transparency — vendor publishes a public price (not “contact us for a quote”). Enterprise-only modules get tagged but de-prioritized.Hyvä compatibility known — I’ve either tested it on a Hyvä storefront or read the vendor’s explicit compat statement.No undisclosed conflicts — doesn’t silently break checkout, search, or admin when stacked with the other 3-4 modules in its category.That filters ~150 candidates I’ve touched down to the 60 entries you see. Re-curated quarterly — if a vendor goes silent, they’re marked deprecated and rotated out at the next refresh.

How accurate is this calculator?

Honest answer: directionally accurate within ~15–25% for the median case in each GMV bracket, less accurate at the extremes. It’s a first-pass screening tool, not a procurement-grade quote.What it gets right:License tier ordering. Magento Open Source $0 vs Adobe Commerce $30k–$150k+ vs SFCC $200k+ — the ranking won’t change.Per-tx fee impact at scale. Shopify Plus 0.15% adds up identically every time; the math is exact.Dev cost order of magnitude. A $5M GMV store on Magento needs ~$40k upfront + $30k/yr ongoing — the bracket holds across most engagements I’ve seen.Where it’s less accurate:SFCC and Adobe Commerce license — both are negotiated. Tier-1 SI partners often hold ±30% pricing power. The calculator uses public list-equivalent ranges; your actual quote may be lower (negotiated) or higher (uplift for Adobe Commerce Cloud Pro vs Starter).Custom dev edge cases — if your scope includes headless commerce, ERP integration, or multi-region inventory orchestration, dev cost can be 2–3x the calculator’s number.Region-specific pricing — the model assumes US dev rates. EU SI partners run 0.7–0.9x; India / Eastern Europe freelancers run 0.3–0.5x; Tier-1 US/UK SIs can run 1.2–1.5x.Use it to rule out platforms and frame the conversation, not to write a budget line.

TCO comparison at $50M GMV — which actually wins?

Closer than the brochures suggest. Real numbers from 8 enterprise migrations in this band:Shopify Plus 3-year TCO at $50M: Plus baseline $2,300/mo OR 0.4% × $50M = $200k/yr (whichever is greater — at $50M the GMV-based fee bites) → $600k+ over 3 years. Per-tx fees ~$75k/yr on Shopify Payments (0.15%) → $225k. 8–12 Plus apps at $1–5k/mo each (Klaviyo, Gorgias, Yotpo, Rebuy, Loop, Postscript, Shipstation, Avalara, Sparklayer for B2B) → $300k–$1.8M. Plus dev / agency $200–500k. Total: $1.3M–$2.9M.Adobe Commerce 3-year TCO at $50M: AC license tier at $50M GMV is roughly $80–150k/yr (revenue-banded) → $240–450k. Adobe Commerce Cloud infra $50–80k/yr → $150–240k. In-house dev team (3–5 engineers) or agency on retainer over 3 years → $400–900k. Plus extension licenses + monitoring + search add-ons $50–100k. Total: $840k–$1.7M.AC usually wins TCO by ~$200–800k once you account for Plus app multipliers — but the Plus number is more predictable. AC is cheaper if you run lean; more expensive if you don’t. The TCO winner is whichever platform fits your org without forcing it to grow into the cost.

SFCC vs Adobe Commerce TCO at $200M GMV — what are the concrete numbers?

3-year all-in TCO at $200M GMV, comparable scope (B2C with light B2B, 3 regions, mid-complexity catalog):Adobe Commerce 3-year TCO at $200M: license $80–150k/yr → $240–450k. Adobe Commerce Cloud infra $30–80k/yr → $90–240k. Implementation (mid-tier or tier-1 SI) $400k–$800k one-time. Ongoing engineering retainer $30k–$80k/mo → $1.08M–$2.88M over 3 years. Adobe Marketplace extensions $50k–$150k. Total: ~$1.9M – $3.7M.Salesforce Commerce Cloud 3-year TCO at $200M: license / revenue-share $500k–$1M/yr → $1.5M–$3M. Implementation (tier-1 SI: Capgemini, Accenture, Publicis Sapient) $800k–$2M one-time. Ongoing SI retainer $50k–$150k/mo → $1.8M–$5.4M over 3 years. Cartridges + integrations $100k–$300k. Total: ~$4.2M – $10.7M.The TCO gap at $200M GMV typically lands at 2–3× in favor of Adobe Commerce. The gap narrows above $1B GMV but rarely closes — SFCC’s revenue-share pricing scales linearly with GMV; AC’s license tiers cap out.

Companies + multi-buyer roles — Adobe Commerce native vs Open Source extensions?

Both reach roughly the same destination — the path is different.Adobe Commerce B2B (native): ships a Companies module with a parent → child → buyer hierarchy, role-based purchase thresholds (e.g. Buyer can place orders up to $5k, Approver up to $50k, Company Admin unlimited), and an approval workflow that routes a pending order through the right approver before it’s placed. Cost: rolled into the Adobe Commerce license at $30k+/yr.Magento Open Source: covered by extensions — Mageworx Companies ($299 + 12mo support), Aitoc B2B Suite (~$899), or BSS Companies (free + paid tiers). Combine with Aitoc Quote Workflow ($299–$799) to fill the approval gap. Total: $1–3k one-time vs $30k+/yr for AC.The honest trade-off: AC ships a more polished UI, vendor-supported upgrades, and 24/7 SLA. OS extensions cover ~85% of the feature set at 5% of the cost — the remaining 15% is mostly "nice-to-have" admin polish. For most wholesale stores under $10M GMV, OS + extensions is the right call.

Magento variant ceiling — does it really handle 10,000+ SKUs?

Yes — with the right indexing and storefront stack. The biggest fashion catalog I ship today runs ~78,000 variants across 1,200 product families and holds a 95+ Lighthouse mobile.The model is Magento configurable + simple products with EAV attributes for size, color, fit, season, fabric. The performance gotchas:Catalog product flat tables off, EAV indexed cleanly. Flat tables hurt at this scale.Custom denormalised stock-status table for "in-stock by size/color" filtering — native price/stock indexers slow at 50k+ variants.Hyvä theme instead of Luma. Luma re-renders the swatch picker on every interaction; Hyvä uses Alpine state and stays under 200ms INP.Lazy-loaded swatch images (browser-native loading="lazy" plus IntersectionObserver fallback for the PDP swatch grid).Shopify hits a hard ceiling at 100 variants per product (Plus: 2,000) which forces fashion brands above that into multi-product workarounds that fragment SEO and analytics. Magento has no such ceiling.

Cold-chain shipping integration with Magento — which carriers actually work?

Cold-chain in 2026 is a small list of viable carriers and a much longer list of "claims it but doesn’t deliver" options. Realistic shortlist:FedEx Custom Critical / FedEx Cold — premium, US + EU, real temp logging on the parcel, expensive ($30–$120 per parcel depending on temp band + distance). Best for high-value frozen meal kits.Sendle Cold (AU) — startup-friendly, integrates with Australia Post network, ~A$15–$35 per parcel, decent for refrigerated meal kits.UPS Temperature True — US + EU, similar to FedEx Cold, slightly cheaper, requires UPS account.Specialty couriers — Lasership Cold (US East Coast), GoFreight Cold (US West), Kuehne+Nagel Pharma (EU), Snowfox (UK refrigerated meal-kit specialist). Pricing varies, integration is API-by-API.3PL with cold-chain inside — FedEx-Goods + ShipBob Cold + Stord Cold + DiCentral. Magento sends order → 3PL handles cold-chain selection internally.Magento integration: a `requires_cold_chain` line-item attribute + a custom shipping-method module that hides ambient-only carriers when the cart contains a flagged SKU. Orders post to the carrier API, parcel barcode + temp-logger ID returns into Magento, transit-incident webhook fires when temp deviates outside the SLA window. We’ve standardised this pattern across 3 meal-kit clients.

Fraud prevention — Riskified vs Signifyd vs Sift?

All three are good. They differ on pricing model, chargeback guarantee, and fit by AOV.Riskified — chargeback guarantee on every approved order. If a guaranteed order charges back, Riskified pays. Pricing is a % of GMV (typically 0.6–1.2%) and you get a hard SLA. Best fit: $1k+ AOV jewellery + watches. The financial risk shifts off the brand entirely. I default to Riskified for diamond + bridal DTC at $5M+ GMV.Signifyd — also chargeback-guarantee. Slightly cheaper for mid-AOV (typically 0.4–0.9% of GMV). Strong on item-not-received fraud which matters for jewellery. Best fit: $500–$5k AOV mainstream fine + fashion jewellery. Solid Magento integration via official extension.Sift — risk-scoring + decision-engine, NOT chargeback-guarantee. You build your own decline + manual-review rules using Sift’s scores. Cheaper (~$0.05–$0.20 per order). Best fit: brands at <$2M GMV who want a cheap fraud layer + are comfortable owning the chargeback risk. Or as a layer in front of Riskified to filter obvious junk before paying for the guarantee.The pattern I deploy at most $5M+ jewellery brands: Sift for first-pass scoring (free-tier filter on bot + obvious-fraud orders) → Riskified for guaranteed approval on the orders that pass Sift → 3-D Secure 2.0 for the borderline grey-zone. Layered, not either/or. Cuts net chargeback losses 75–90% in the books I’ve audited.

FDA + DEA + DSCSA compliance on Magento — is it actually feasible?

Yes. Magento is a commerce platform — compliance is a wiring problem, not a platform-fit problem. Three separate regulators, three workstreams:FDA — product registration (NDC code per drug + strength + package size), structured product labeling (SPL) for the PDP, MedWatch adverse-event reporting integration. Magento custom product attributes hold NDC + SPL XML reference; an admin observer pushes adverse-event reports to FDA’s SafetyReport API.DEA — only relevant if you handle Schedule II–V controlled substances. Custom Magento checkout step for DEA Form-222 (Schedule II) or CSOS electronic ordering, biennial inventory tracking, suspicious-order monitoring (SOM) reports auto-flagged via a Magento cron + report module. DEA registrant validation per buyer-account at signup.DSCSA (Drug Supply Chain Security Act, fully effective 27 Nov 2023, with stabilisation period) — unit-level GS1 DataMatrix serialization (GTIN + serial + lot + expiry), AS2 / EPCIS exchange with trading partners, transaction information / history / statement (TI / TH / TS) at every handoff. Magento talks to a serialization middleware (TraceLink, rfxcel, SAP ATTP, Tag-It) for the actual serial-record exchange — nobody builds DSCSA middleware from scratch.I’ve shipped this stack for a regional pharma distributor and a specialty Rx pharmacy. Two things matter: middleware pick (TraceLink is the safe default at $80M+ GMV; rfxcel cheaper for mid-market; Tag-It is good for small pharmacies) and regulatory pre-audit before any live release. Don’t skip the pre-audit.

Variable sizing matrix on Magento — is it really feasible across apparel + footwear + equipment?

Yes, and it’s where Magento beats Shopify cleanly for sporting goods.Sporting goods sizing has three different shapes per category:Apparel: size (XS–5XL) + fit (regular / slim / athletic) + length (short / regular / tall) + sometimes by-sport cut. 4 axes, 60–120 SKUs per product family.Footwear: size (US 5–15, EU 35–50, half-sizes) + width (B / D / 2E / 4E for men, AA / B / D for women) + sometimes by-activity (trail / road / cross-training). 3 axes, 80–200 SKUs per product family.Equipment fit: by rider height + inseam + skill level (cycling), by skier height + skill + on-piste-vs-all-mountain (skiing), by hand size + grip type (tennis), by foot strike + arch type (running shoes). 2–4 axes, 20–60 SKUs per product family.Magento configurable products + EAV attributes per axis handles all three cleanly. Per-category size charts with body-measurement inputs live as CMS blocks rendered conditionally on PDP based on the product attribute set. Fitment quiz on PDP routes the customer to the right SKU before they hit the dropdown — cuts size-driven returns 18–28% in the data I see.Shopify hits its 100-variant ceiling fast on footwear at this scale (Plus: 2,000, still tight). Forces brands into multi-product workarounds that fragment SEO and analytics.

YMM fitment data — TecDoc vs SEMA Data Coop, which do I pick?

Both are industry-standard vehicle databases, but they cover different markets and price differently:TecDoc (owned by TecAlliance) — the European standard. ~80,000 vehicle records, deep coverage of EU makes (VW, BMW, Mercedes, Stellantis, Peugeot). Most EU-based aftermarket distributors run on TecDoc. Licensing: ~€3k–€15k/yr depending on scope. Magento integration via XML feed import on a daily schedule.SEMA Data Coop — the US standard. ~100,000+ vehicle records covering US makes (Ford, GM, Stellantis-NA, Toyota-USA, Honda-USA), light trucks, motorcycles, ATVs. Coverage of EU makes is shallow. Licensing: ~$2.5k–$8k/yr. Format is ACES (Aftermarket Catalog Exchange Standard) + PIES (Product Information Exchange Standard).Hybrid — for global brands, license both and merge in Akeneo PIM before the data hits Magento. Adds ~$5k–$10k of one-time integration work but covers ~95% of global vehicle parc.Magento side: vehicle records become a custom entity (auto_vehicle) with attributes year, make, model, trim, engine, drive-type. Product-to-vehicle compatibility is a many-to-many junction table. Layered nav filters by selected vehicle. I default to SEMA Data Coop for US-only stores, TecDoc for EU-focused stores, hybrid above $10M GMV with global ambitions.

What shade-matching tools work with Magento — quiz-based vs AR (Modiface / YouCam)?

Three patterns work, in increasing complexity and cost:Quiz-based shade finder — 5–7 questions on undertone, depth, finish, climate. Built natively in Magento with custom product attributes + a thin Alpine.js quiz UI on Hyvä. Conversion lift typically 0.8–1.4x baseline. Cost: ~$3k–$8k.AR try-on (Modiface / YouCam Makeup / Perfect Corp) — live camera overlay on PDP. Integration via REST + JS SDK. Conversion lift 1.4–2.8x on PDPs with AR. Cost: ~$8k–$20k integration + $1k–$5k/mo licence to the AR vendor depending on traffic.Hybrid (quiz → AR confirm) — quiz narrows to 3 shades, AR confirms the pick. Best conversion in my data.For brands under ~$5M GMV, start quiz-only. AR pays for itself above ~$5M because the licence amortises across volume.

Magento at 50k+ SKUs — what’s the performance reality?

Magento handles 50k+ SKUs cleanly when three things are tuned correctly: EAV indexing, Elasticsearch, and Hyvä. Without those, default Luma + MariaDB will start choking around 30k SKUs — category pages take 2–5 seconds, layered nav lags 1–2 seconds per filter click.EAV index: schedule the catalog_product_attribute + catalog_product_price + catalog_category_product indexers to "Update on Schedule" with a cron run every 1 minute. Avoid "Update on Save" at 50k+ — admin saves stall.Elasticsearch / OpenSearch: required from Magento 2.4+. Tune refresh_interval to 30s, allocate 4–8GB RAM. Re-index rate target: 50k SKUs in <10 minutes.Hyvä theme: replaces Luma’s 3MB+ JS with ~150kB Tailwind/Alpine. Catalog list-view renders 60% faster. INP drops from 280ms to 80ms on a 50k-SKU store.Hosting floor: 8 vCPU / 16GB RAM / NVMe SSD, Redis for cache + sessions, dedicated MariaDB or Aurora. Cloudways "Pro" plan or Hetzner CX52 minimum.With those four in place, a 50k-SKU electronics store hits Lighthouse 90+ on category and product pages. I’ve shipped one with 78k SKUs that holds 95+ Lighthouse mobile.

Furniture configurator on Magento — how complex is it?

Furniture configurators are deeper than fashion variants but Magento handles them cleanly with the right pattern.Schema: use Magento configurable products for the primary axis (typically dimension or model) and Custom Options for the secondary axes (fabric, finish, hardware, leg style). Bundle products handle multi-piece sets (e.g. sectional with 4-5 modules). EAV attributes hold the swatch metadata.Visual swatch picker: the default Custom Options dropdown is unusable for fabric. Wire in a UI extension (Mageworx, Aheadworks Advanced Product Options, or a custom React widget on Hyvä) that renders fabric thumbnails, hover-to-zoom, and a “swatches by mail” CTA.Validation rules: not every fabric ships on every frame. Use option dependencies (e.g. via the same extension or a custom rule engine) to disable invalid combos in real time.Scale: 1,000+ valid permutations per product family is achievable. I’ve shipped a custom-sofa configurator with 4,200 valid combinations and a 1.8s LCP on Hyvä. Below 100 SKUs you can fake it on Shopify; above 500 SKUs with 3+ axes, Magento is the answer.

How is “compatibility” defined here?

A verdict of Compatible means the extension renders its frontend HTML correctly under Hyvä 1.3+, doesn’t inject Knockout or RequireJS dependencies, doesn’t break the cart or checkout flow, and survives a clean reindex + setup:upgrade. Backend admin behaviour is identical regardless of frontend theme — every status here judges only the storefront. So if a verdict says “Compatible”, you can install it next to Hyvä without porting work; if it says anything else, the row description explains exactly what gap remains.

What services do you offer?

We specialize in e-commerce development with expertise in Magento 2, Shopify, and WordPress/WooCommerce. Our services include custom development, theme design, plugin/extension development, performance optimization, and ongoing maintenance and support.

How do you charge for your services?

We offer flexible pricing models including fixed-price projects, hourly rates, and monthly retainers. The pricing model depends on the project scope and client preference. We provide detailed quotes after understanding your requirements.

What technologies do you work with?

We specialize in PHP-based e-commerce platforms including Magento 2 (Adobe Commerce), Shopify, and WordPress/WooCommerce. We also work with modern frontend technologies like React, Vue.js, and Next.js for headless commerce solutions.

Can you migrate my store to Magento 2?

Yes! We have extensive experience in migrating stores from Magento 1, Shopify, WooCommerce, and other platforms to Magento 2. We ensure data integrity, minimal downtime, and seamless transition for your business.

Do you offer ongoing support after project completion?

Yes! We offer flexible maintenance and support plans including bug fixes, security updates, feature enhancements, and technical support. Plans can be customized based on your needs.

Does this replace Magento's native contact form?

Yes. When the module is enabled, the /contact URL is handled by Panth Advanced Contact Us and the stock Magento_Contact form is bypassed. Disable the module to revert to the native form — no data loss.

Does Panth Advanced SEO replace Magento's native SEO features?

It enhances them. Magento's native meta fields still work — Panth Advanced SEO adds template-based defaults, tokens, hreflang groups, JSON-LD, SEO scoring, and dozens of other features Magento ships without.

Does Panth Advanced Cart work with Hyva?

Yes. The module ships dedicated Hyva templates built with Alpine.js and Tailwind CSS. Theme detection is automatic via Panth_Core.

Can I have more than one banner slider on the same page?

Yes. Create as many sliders as you want in the admin and place each one via its own widget or layout block. Each slider maintains independent configuration and slides.

Do I have to pay for Panth Core?

No. Panth Core is completely free and will remain free forever. It is the foundation library that other (paid) Panth extensions depend on.

Does this module change how Magento calculates custom option prices?

No. All price-delta logic continues to flow through Magento's standard priceBox and price-option JS components. This module only replaces the visual rendering.

How many forms can I create?

Unlimited. Each form has a unique identifier and its own submissions scope.

Does Panth Footer replace the default Magento footer?

Yes. When enabled, Panth Footer takes over the footer.container block and renders its own configurable footer. You can disable it any time to restore the default footer.

Will this overwrite my custom image labels?

No. Merchant-authored labels (anything other than empty, the product name, Image, main product photo, or the raw filename) are preserved. Only Magento's default placeholders get upgraded to template output.

Does this submit URLs to Google?

No. Google does not participate in IndexNow and has stated they maintain their own crawl schedule. For Google indexing, use a proper XML sitemap and Google Search Console. This module is specifically for the IndexNow ecosystem (Bing, Yandex, Seznam, Naver, Yep).

Will this slow down my storefront?

No. The notification feed is cached, assets are lightweight, and the JS runs asynchronously after page load.

Is llms.txt an official standard?

An emerging community standard proposed at llmstxt.org with a growing list of adopters (Anthropic, Perplexity, Vercel, Stripe, Cloudflare docs all publish one). Not an IETF RFC yet, but stable enough that major AI platforms rely on it.

Does it work for guests?

Yes, guests can subscribe with their email address. You can optionally require login via admin config.

How is this different from a traditional antivirus?

Panth Malware Scanner is built specifically for Magento 2 filesystems — it understands the directory layout, knows which folders are writable from the frontend, and ships signatures tuned for Magento-targeted threats (Magecart skimmers, PolyShell webshells, admin-layout injection). Traditional AV tools scan everything with generic signatures and produce noise.

Does Panth Mega Menu work on both Hyva and Luma?

Yes. The module ships with two purpose-built templates — Alpine.js + Tailwind for Hyva and vanilla JS for Luma — and auto-switches based on your active storefront theme.

Does this module override Magento's `cms/noroute/index` controller?

No. It uses Magento's standard layout update mechanism to replace the block under the content container. The controller itself is untouched.

How is this different from Magento's native "file" custom option?

Native file custom options are tied to the cart quote item and don't persist cleanly as a first-class order record. Panth Order Attachments creates dedicated panth_quote_attachment and panth_order_attachment tables, linked to the sales order item, ensuring files remain accessible for the full order lifetime — including reorders, invoices, and RMAs.

Does this slow down the order grid?

Minimally. The column loads order items for each visible row (typically 20-50 orders). For very large catalogs, you can disable thumbnails to reduce image loading.

What triggers a price drop alert?

Any reduction in the final displayed price for the store view where the customer subscribed — catalog regular price, special price, catalog price rule discount, tier pricing, or group pricing. The module compares the current final price against the baseline captured at subscription time.

Does this replace Magento's default product gallery?

Yes, on the product detail page. When the module is enabled, the default gallery.phtml is replaced with the Panth gallery (one template for Hyva, another for Luma — chosen automatically).

Can I add more than 3 custom tabs?

Yes. Both CMS block tabs and attribute tabs support unlimited entries. Add as many as your product requires.

Does Panth Search Autocomplete work with Elasticsearch and OpenSearch?

Yes. The module is engine-agnostic — it uses whatever Magento is configured with (Elasticsearch 7, Elasticsearch 8, OpenSearch 1.x/2.x, or the MySQL fallback). No extra setup required.

Does Smart Badge slow down my category pages?

No. Badge lookups are indexed and cached per product + store view + customer group, and badge rendering is pure CSS. Typical overhead is under 5ms on listing pages.

Magento glossary

What is Magento GraphQL ?

Magento GraphQL is the headless API endpoint introduced in Magento 2.3 (Nov 2018) at POST /graphql, exposing the catalog, customer, cart, checkout and order data via GraphQL queries and mutations. Built for PWA Studio, Hyvä-headless, custom React/Vue SPAs, mobile apps and BFF (backend-for-frontend) patterns. One round-trip, client-specified field selection, schema-introspectable.

Need a headless build? How it works

Written by Kishan Savaliya — Adobe Certified Magento & Hyvä developer, 8 years on platform

At a glance

Introduced Magento 2.3 (Nov 2018)
Endpoint POST /graphql
Spec GraphQL 2018 + webonyx/graphql-php

How it works

Five things Magento GraphQL actually does under the hood

GraphQL is not magic — it is a strongly-typed schema, a resolver layer over Magento's service contracts, and HTTP cache integration via Varnish. Here is what that means concretely.

01

Single endpoint, client-specified field selection

Magento exposes one URL — POST /graphql — that accepts every query and mutation. The client sends a query body declaring exactly which fields it wants (name, price, image.url, nested variants { sku }) and Magento returns only those fields. There is no field over-fetching the way REST endpoints return entire entity payloads, and no field under-fetching that forces follow-up requests — one round-trip pulls the precise tree the storefront needs.
02

Schema declared per-module via schema.graphqls files

Each Magento module ships an etc/schema.graphqls file written in GraphQL SDL (Schema Definition Language). The core Magento_CatalogGraphQl module defines products, categories, category queries; Magento_QuoteGraphQl defines cart, addProductsToCart mutations; Magento_CustomerGraphQl defines customer, createCustomer. Custom modules extend the schema by declaring new types and resolvers in their own schema.graphqls. The aggregated schema is compiled at setup:di:compile time.
03

Resolvers map GraphQL types to PHP service contracts

Behind every GraphQL field is a Resolver class implementing Magento\Framework\GraphQl\Query\ResolverInterface. Resolvers re-use the same service contracts (Repository interfaces, Search APIs) the REST layer uses — they are a thin transport adapter, not a parallel data layer. This means GraphQL and REST stay in sync as the catalog, customer, and cart logic evolve. Custom resolvers register against schema fields via etc/graphql/di.xml using the resolver argument.
04

Cacheable queries cached via Varnish + x-magento-vary

Read queries (catalog browsing, category listing, product detail) are HTTP-cacheable when the resolver returns a CacheableInterface result with cache tags. Magento sets X-Magento-Cache-Id and X-Magento-Vary headers; Varnish (or Fastly on Adobe Commerce Cloud) keys the cache on those headers and serves repeat queries from edge memory in under 5 ms. Customer-specific data (cart, customer, wishlist) is uncacheable and falls through to PHP every time.
05

Mutations bypass cache and run synchronously

Mutations — addProductsToCart, placeOrder, createCustomer, updateCustomerAddress — bypass HTTP cache by design and execute synchronously through the same service contracts the REST API uses. Each mutation runs inside a Magento DB transaction; failure rolls back state. The response shape mirrors the input mutation, so the client can update its local state from the mutation result without a follow-up read query.

When to use

Four situations where GraphQL is the right Magento API

GraphQL is not universally correct — REST is still better for batch / admin work. These four scenarios are unambiguous GraphQL wins.

Building PWA Studio, Hyvä-headless or custom SPA

If the storefront is a separate frontend application — PWA Studio (React + Apollo), Hyvä-headless (Hyvä theme talking to Magento purely via GraphQL), Vue Storefront, or a bespoke React/Next.js / Vue/Nuxt SPA — GraphQL is the supported transport. The Adobe-recommended PWA Studio talks GraphQL by default, and every Magento 2.3+ release ships GraphQL coverage for new features the moment they land. Building a headless storefront on REST in 2026 is fighting the platform.
Multi-channel app from a single Magento backend

When one Magento instance has to feed a web storefront plus an iOS app plus an Android app plus a kiosk — or any combination — GraphQL lets each client pull only the fields it needs in one request. The mobile app fetches small thumbnails and short descriptions, the web app fetches full image sets and rich HTML, the kiosk fetches inventory + price only. Same backend, same schema, four optimised payloads. REST forces every channel to consume the same fixed entity shape.
Deep nested data in one round-trip (kills N+1)

A typical product detail page needs the product, its 8 image variants, its 3 configurable child SKUs, its category breadcrumb, its 12 reviews and the related-products carousel. On REST that is 5 to 7 sequential calls; on a 200 ms RTT mobile network that is over a second of waterfall latency. One GraphQL query pulls the entire nested tree in a single request — everything resolved server-side, returned as one JSON document. Lighthouse-critical Time to First Byte metrics improve by 30 to 60% on data-heavy pages.
Avoid for: bulk imports, simple admin tasks

GraphQL is request-per-item by design — great for storefront reads, terrible for batch operations. Importing 10,000 products one mutation at a time will take hours and saturate PHP-FPM. Use the Magento Admin REST API or the bulk async REST endpoints for ingestion, or write directly to the database via InstallData / DataPatchInterface for one-time loads. Keep GraphQL for what it is built for: customer-facing storefront reads and individual cart / checkout / order mutations.

Common mistakes

Four traps that turn a GraphQL build into a performance disaster

Every slow Magento headless storefront I have audited makes one or more of these four mistakes. Avoid them and the API runs at edge speed.

Querying entire schemas instead of needed fields

A common starter mistake is requesting products(filter: {...}) { items { ... }} with the autogenerated full ProductInterface field set. That pulls every attribute Magento knows about each product — description, short_description, meta_keyword, swatch images, every custom attribute — and a 24-product PLP can return 800 KB of JSON. Specify only the fields the UI actually renders (name, sku, price_range, small_image { url }) and the same query drops below 30 KB. GraphQL's killer feature is field selection — use it.
Not declaring cache tags on cacheable queries

Custom resolvers default to uncacheable, which means every storefront hit runs the resolver from scratch — no Varnish, no edge cache, full PHP execution per request. Implement IdentityInterface on the resolver result and return cache tags (cat_p_, cat_c_) so Varnish can key and invalidate the response. Add cache: { tags: [...], cacheable: true } declarations in etc/graphql/di.xml. Done correctly, custom storefront queries hit at 50 to 200x lower latency.
Using GraphQL for bulk imports / batch operations

GraphQL mutations are one-at-a-time by design. Looping addProductsToCart 500 times to seed test orders, or createProduct 10,000 times to import a CSV catalog, will burn hours of PHP-FPM time, blow past max_execution_time defaults, and likely 502 the gateway. For batch workloads use the Magento Bulk Async REST API (POST /async/bulk/V1/products), direct DB seed via DataPatch, or the Magento_ImportExport CSV pipeline. GraphQL is not the right tool for batch.
Forgetting Authorization header for customer queries

The customer, customerCart, customerOrders queries are customer-scoped and require an Authorization: Bearer <token> header. Without it Magento returns a "The current customer isn't authorized" error rather than the customer's data. Issue tokens via the generateCustomerToken mutation, store them client-side (HttpOnly cookie or secure local storage), and send them on every customer-scoped request. Anonymous queries (products, category, cart(cart_id) with a guest mask ID) need no auth header.

FAQ

Magento GraphQL — frequently asked questions

GraphQL vs REST in Magento — which should I use?

Use GraphQL for customer-facing storefront work where the client controls the field selection: PWA Studio, Hyvä-headless, custom SPA, mobile apps. Use REST for admin / backend tasks: bulk imports, ERP integrations, third-party connectors, batch operations, anything that runs as a scheduled job. GraphQL's strengths (single round-trip, field selection, schema introspection) are storefront strengths; its weaknesses (one-mutation-per-call, no native batching, request payload overhead) are batch weaknesses. Most production Magento stores run both side by side.
Magento GraphQL performance — is it fast?

Cacheable queries (catalog browse, category, product detail with no customer context) hit Varnish / Fastly and respond in 5 to 50 ms at the edge — comparable to REST or faster, since one GraphQL query replaces 5 to 7 REST round-trips on a typical product page. Uncacheable queries (cart, customer, checkout) execute per-request through PHP-FPM at 100 to 400 ms depending on database size and resolver complexity, similar to REST. The biggest perf wins come from killing the N+1 round-trip pattern that REST forces on storefront UIs, not from raw query speed. Always measure on your own data and your own infra.
Which Magento versions support GraphQL?

GraphQL was introduced in Magento 2.3 (November 2018) and has shipped with every Magento Open Source and Adobe Commerce release since. Coverage has expanded steadily — early versions only supported catalog reads, while 2.4.x covers catalog, cart, checkout, customer, orders, wishlist, B2B (company accounts, requisition lists, negotiable quotes), Page Builder content, and Inventory (MSI). Magento 2.4.6 and later have feature parity with REST for storefront use cases. Magento 2.4.9 (current latest) is the recommended floor for production headless work; older versions may need custom resolvers to fill gaps.
Can I add custom GraphQL schemas?

Yes — extending the GraphQL schema is a first-class pattern. Create etc/schema.graphqls in your custom module declaring new types, queries, or mutations in GraphQL SDL syntax. Implement a Resolver class that implements ResolverInterface. Wire the resolver to the schema field via etc/graphql/di.xml. The aggregated schema is compiled at bin/magento setup:di:compile time, so re-run that after schema changes. For cacheable resolvers, also implement IdentityInterface and return cache tags so Varnish / Fastly can key responses correctly.
How does authorization work for customer-specific queries?

Customer-scoped queries (customer, customerCart, customerOrders, customerDownloadableProducts) require a customer access token sent in the Authorization: Bearer <token> HTTP header. Tokens are issued by the generateCustomerToken(email, password) mutation and have a configurable lifetime (default 1 hour, set in Stores > Configuration > Services > OAuth). Anonymous storefront queries (products, category, cart(cart_id) using a guest mask ID) need no token. Admin-only queries are not exposed via /graphql at all — admin access stays on /rest with an admin token.
Are GraphQL queries cached?

Read queries are cacheable when the resolver opts in. The resolver result must implement IdentityInterface and return cache tags (cat_p_123 for product 123, cat_c_45 for category 45). Magento sets X-Magento-Cache-Id and X-Magento-Vary response headers; Varnish or Fastly then keys the cache on those headers and serves repeat queries from edge memory. When a tagged entity changes, Magento purges the cache by tag automatically. Mutations are uncacheable by definition. Customer-scoped queries and queries with a logged-in session are also uncacheable — they execute per-request through PHP-FPM every time.

Headless audit

Planning a Magento headless / GraphQL build?

Send your storefront URL or wireframes — I will run a GraphQL coverage check, sketch the resolver / cache architecture, and reply with a written quote, fixed-price scope and earliest start date. 24-business-hour turnaround.

See the headless service Hire me directly

What is Magento GraphQL ?

Single endpoint, client-specified field selection

Schema declared per-module via schema.graphqls files

Resolvers map GraphQL types to PHP service contracts

Cacheable queries cached via Varnish + x-magento-vary

Mutations bypass cache and run synchronously

Building PWA Studio, Hyvä-headless or custom SPA

Multi-channel app from a single Magento backend

Deep nested data in one round-trip (kills N+1)

Avoid for: bulk imports, simple admin tasks

Querying entire schemas instead of needed fields

Not declaring cache tags on cacheable queries

Using GraphQL for bulk imports / batch operations

Forgetting Authorization header for customer queries

Magento headless / PWA

Hyvä vs PWA Studio

What is PWA Studio

What is Hyvä Themes

Planning a Magento headless / GraphQL build?