Skip to content

tomhooker/shopify-oauth-access-token

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
README.md
README.md
 
 
accesstoken.md
accesstoken.md
 
 

Repository files navigation

Getting Access Token from Shopify

A step-by-step guide to obtaining an access token from Shopify using OAuth 2.0.

Prerequisites

  • A Shopify store
  • A Shopify Partner account (for app development)
  • Access to webhook.site or similar webhook testing service

Steps

1. Create App in Dev Dashboard

  1. Go to dev.shopify.com/dashboard/
  2. Create a new app

2. Configure App Scopes

  1. Navigate to Admin API section
  2. Choose your permissions carefully (select only what you need)
  3. Note the scopes you've selected

3. Set Up Redirect URL

  1. Open webhook.site
  2. Copy the webhook URL provided (keep it handy)
  3. In your app settings, add this URL to the Redirect URLs section

4. Release App Version

  1. Click Release and name the version (e.g., "version1")
  2. Click on the version you just created
  3. Verify you can see:
    • The scopes you set
    • The redirect URL you configured

5. Get App Credentials

  1. Go to App Settings
  2. Copy your Client ID and Client Secret (keep these secure)

6. Build Authorization URL

Replace the placeholders in the URL below:

  • STORE - Your Shopify store name (without .myshopify.com)
  • SCOPE - Your selected scopes (comma-separated, URL-encoded)
  • REDIRECT_URI - Your webhook.site URL (URL-encoded)
  • CLIENT_ID - Your app's Client ID
https://STORE.myshopify.com/admin/oauth/authorize?client_id=CLIENT_ID&scope=SCOPE&redirect_uri=REDIRECT_URI

7. Install App on Store

  1. Open the authorization URL in a new browser tab
  2. Install the app on your Shopify store
  3. After installation, you'll be redirected to webhook.site

8. Get Authorization Code

  1. On webhook.site, you'll see the authorization code in the query parameters
  2. Copy the code parameter value

9. Exchange Code for Access Token

Use the following curl command (replace STORE, CLIENT_ID, SECRET, and CODE):

curl -X POST https://STORE.myshopify.com/admin/oauth/access_token \
    -d "client_id=CLIENT_ID" \
    -d "client_secret=SECRET" \
    -d "code=CODE"

The response will contain your access_token.

10. Test Your Access Token

Test the access token with a GraphQL query:

curl -X POST \
https://STORE.myshopify.com/admin/api/2024-01/graphql.json \
-H 'Content-Type: application/json' \
-H 'X-Shopify-Access-Token: YOUR_ACCESS_TOKEN' \
-d '{
  "query": "query GetProducts { products(first: 10) { nodes { id title } } }"
}'

Note: Replace 2024-01 with the API version you're using. Check Shopify's API versioning for the latest stable version.

Security Notes

  • Never commit your client_secret or access_token to version control
  • Use environment variables to store sensitive credentials
  • The access token has the permissions of the scopes you selected - choose them carefully

Troubleshooting

  • Invalid redirect URI: Make sure the redirect URI in your app settings exactly matches the one in your authorization URL
  • Invalid code: Authorization codes expire quickly - make sure you use the code immediately after receiving it
  • 403 Forbidden: Check that your scopes include the necessary permissions for the API calls you're making

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors