How to Get a Shopify Access Token for Creating Shopify Functions with Custom Manual Controls

Building custom Shopify functions in 2026 requires more sophistication than ever before. Whether you're developing custom manual order processing workflows, payment customizations, or product recommendations, you'll need a properly configured Shopify access token with the right permissions. This comprehensive guide walks you through obtaining and configuring your access token specifically for creating Shopify functions with custom manual controls.

What You Need

• A Shopify Partner account (free to create at partners.shopify.com)
• Access to create or manage a development store
• Admin access to your Shopify store or partner account
• A text editor or IDE for storing your token securely
• Basic understanding of API authentication and security practices
• Knowledge of Shopify's function framework and JavaScript/Rust development languages
• A development environment with Node.js or Rust installed (depending on your function type)
• Familiarity with command-line interface (CLI) operations

Required API Scopes

When creating Shopify functions for custom manual processes, your access token must include specific API scopes. These scopes determine what your functions can access and modify within your Shopify store. Here are the essential scopes you'll need:

Scope	What It Allows
write_products	Enables your functions to modify product data, pricing, and inventory when creating custom product recommendation functions or dynamic pricing rules
read_products	Allows your functions to access product information, variants, and metadata needed for custom manual filtering and selection logic
write_orders	Permits modification of order details, discounts, and custom attributes for manual order processing functions
read_orders	Grants access to order data, customer information, and order history for custom manual workflows and conditions
write_fulfillments	Allows your functions to create and manage fulfillment operations for custom manual shipping and delivery customizations

Step-by-Step Guide

Follow these detailed steps to create your Shopify access token for custom manual Shopify functions:

Step 1: Access Your Shopify Partner Dashboard

First, navigate to your Shopify Partner account. If you don't have one, visit partners.shopify.com and sign up for free. This dashboard is your central hub for managing apps, functions, and API credentials. Once logged in, you'll see various options for app development and store management.

Step 2: Create or Select Your Development Store

In your Partner dashboard, locate the "Stores" section. If you already have a development store, select it. If not, create a new development store by clicking "Create store" and selecting "Development store" as the type. Development stores are perfect for testing Shopify functions without affecting live sales. Give your store a descriptive name that indicates its purpose, such as "Custom Functions Testing."

Step 3: Create a New App

Navigate to the "Apps and integrations" section in your Partner dashboard. Click "Create an app" and choose "Create app manually." Give your app a name related to your Shopify functions project, such as "Custom Manual Functions App" or "Advanced Order Processing." This app will be the container for your functions and API credentials.

Step 4: Configure Admin API Credentials

Once your app is created, go to the "Configuration" section. Under "Admin API access scopes," select all the scopes listed in the table above. Make sure to include write_products, read_products, write_orders, read_orders, and write_fulfillments at minimum. For custom manual functions, you may also want to add write_discounts and read_discounts if your functions involve discount logic.

Step 5: Generate Your Access Token

After configuring scopes, click "Save" and then navigate to the "Admin API access tokens" section. Click "Generate token" to create your access token. This token will be displayed only once, so copy it immediately and store it securely. Never share this token or commit it to public repositories.

Step 6: Secure Your Token Storage

Store your access token in an environment variable file (.env) rather than hardcoding it into your application. Here's the proper way to structure this:

SHOPIFY_ACCESS_TOKEN=shpat_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p
SHOPIFY_STORE_NAME=your-store-name.myshopify.com
SHOPIFY_API_VERSION=2026-01

Step 7: Test Your Token with an API Call

Verify your token works correctly by making a test API call. Use curl to query your store's products endpoint:

curl -X GET "https://your-store-name.myshopify.com/admin/api/2026-01/products.json" \
  -H "X-Shopify-Access-Token: shpat_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p" \
  -H "Content-Type: application/json"

If successful, this request will return your store's product data in JSON format. If you receive a 401 Unauthorized error, double-check your token and store name. For custom manual Shopify functions, this confirmation ensures your credentials are ready for deployment.

Step 8: Install Your App on Your Development Store

Return to your Partner dashboard and find your newly created app. Click on it and select "Install app" for your development store. This step associates your API credentials with your test environment, allowing your Shopify functions to access store data and perform custom manual operations.

Step 9: Deploy Your Custom Functions

With your access token configured, you're ready to develop and deploy your Shopify functions. Use the Shopify CLI with the command:

shopify function build

Then deploy using:

shopify function publish

Your functions will now have access to the scopes and permissions defined in your app configuration, allowing them to execute custom manual logic for orders, products, and fulfillments.

Using GetShopifyToken (Faster Method)

While the manual process above gives you complete control, there's a faster alternative available. Visit https://getshopifytoken.com to automate much of this process. GetShopifyToken streamlines token generation and validates your configuration automatically, reducing setup time from 15-20 minutes to just a few minutes. This service is particularly useful when you're managing multiple apps or need to quickly rotate tokens for security purposes. The platform ensures all required scopes for custom manual Shopify functions are properly configured, and it provides a secure dashboard for managing your credentials across different projects and stores.

Common Issues

• 401 Unauthorized Errors: This indicates an invalid or expired token. Verify the token hasn't been regenerated (which invalidates old tokens) and that you're using the correct store URL with the .myshopify.com domain.
• 403 Forbidden Errors: Your token lacks the necessary scopes. Return to your app configuration and add missing scopes like write_products or write_orders, then generate a new token.
• Token Not Displaying After Generation: Tokens are only shown once. If you missed copying it, generate a new token from the Admin API access tokens section.
• Functions Not Executing Custom Manual Logic: Ensure your function code references the correct API version (2026-01 or later) and uses proper error handling for API calls.
• Store Connection Failures: Verify your store URL is formatted correctly: your-store-name.myshopify.com, not www.your-store-name.myshopify.com.
• Scope-Related Function Failures: Check your function logs in the Partner dashboard to identify which scopes are missing, then add them and regenerate your token.
• Environment Variable Not Loading: Ensure your .env file is in the correct directory and your development framework is configured to load environment variables (many frameworks require specific packages or configuration).

Related Guides

• How to Build Shopify Functions with Rust and JavaScript in 2026
• Managing Multiple Shopify Access Tokens for Different Apps and Stores
• Best Practices for Securing Your Shopify API Credentials and Access Tokens
• Shopify Function Testing and Debugging: Complete Guide for Custom Manual Implementations

Frequently Asked Questions

Q: Can I use the same access token for multiple Shopify functions?

Yes, absolutely. A single access token can be used across multiple Shopify functions within the same app, as long as all functions require the same API scopes. However, for security best practices, consider creating separate apps for different function categories if they require different permission levels. This follows the principle of least privilege, where each function has only the permissions it needs to operate.

Q: How often should I rotate my Shopify access tokens?

Shopify recommends rotating access tokens every 90 days for optimal security, especially if your token could be exposed to external services or team members. For tokens used only in secure, internal environments, rotation every 6-12 months may be sufficient. When you generate a new token, the previous one immediately becomes invalid, so plan your rotation during a maintenance window or use a token management system to ensure zero downtime.

Q: What's the difference between a Shopify access token and a Shopify API key?

Access tokens are used for server-to-server authentication and are what you need for Shopify functions and Admin API calls. API keys (used with API secrets) are typically for OAuth flows and app installations. For creating custom manual Shopify functions, you'll exclusively use access tokens. Access tokens are more secure for direct API access because they don't require managing separate secrets.

Q: Can I test my Shopify functions without deploying them to production?

Yes, this is exactly why development stores exist. Deploy your functions to your development store first using your access token. Test all custom manual logic thoroughly in this isolated environment. Only after comprehensive testing should you install your app on production stores. Development stores are fully functional Shopify stores that don't process real payments, making them ideal for safely testing Shopify functions.