How to Get a Shopify Access Token for API Integration

A Shopify access token is essential for connecting third-party applications, automation tools, and custom integrations to your Shopify store. Whether you're building a custom app, integrating with inventory management software, or automating order processing, understanding how to find and generate your Shopify store API key is the first critical step.

In 2026, Shopify continues to refine its developer experience, making it easier than ever to securely generate and manage access tokens. This comprehensive guide will walk you through the entire process, from initial setup through implementation, ensuring your integrations are secure and properly configured.

What You Need

• A Shopify store (development or live store)
• Admin access to your Shopify store
• A custom app or private app setup ready (or knowledge of which app you're building for)
• Understanding of your specific integration requirements
• Secure storage method for your access token (password manager, environment variables, secure vault)
• API documentation for the service you're integrating with
• Basic knowledge of REST APIs and authentication methods

Required API Scopes

Before generating your access token, you need to determine which API scopes your integration requires. Scopes define what permissions your token has and what data it can access. Following the principle of least privilege, only request the scopes you actually need.

Scope	What It Allows
read_products	Read product data including titles, prices, images, and variants without modification permissions
write_products	Create, update, and delete products and their variants in your store
read_orders	Access order information including customer details, order status, line items, and payment information
write_orders	Create and modify orders, including fulfillment updates and order cancellations
read_inventory	View inventory levels and stock information across locations
write_inventory	Modify inventory quantities and transfer inventory between locations
read_customers	Access customer data including contact information and purchase history
write_customers	Create new customers and update existing customer information

Step-by-Step Guide

Follow these detailed steps to generate your Shopify access token and find your store API key:

Step 1: Access the Shopify Admin Dashboard

Log in to your Shopify admin account using your store URL and credentials. Navigate to your store's admin panel by visiting https://admin.shopify.com or https://your-store-name.myshopify.com/admin. Make sure you're logged in with an account that has full admin permissions, as restricted accounts may not have access to app development features.

Step 2: Navigate to Apps and Integrations

In the left sidebar menu, locate and click on "Apps and sales channels" (or "Apps" in older Shopify versions). This section contains all your installed apps and the tools needed to create custom integrations. You should see options for both installed apps and app development settings.

Step 3: Access App Settings or Develop Apps

Look for a "Develop apps" link or button, typically found at the top of the Apps section. If you don't see this option, you may need to enable app development in your store settings. Click "Create an app" to begin the process of setting up your custom integration.

Step 4: Create a New Custom App

In the app creation dialog, enter a descriptive name for your custom app. Use a clear name that indicates its purpose, such as "Inventory Sync Tool" or "Order Automation Integration". You may also be asked to provide information about the app's purpose and functionality. Fill in these details accurately, as they help Shopify understand your use case and provide relevant security recommendations.

Step 5: Configure API Scopes and Permissions

After creating your app, navigate to the "Configuration" or "Admin API" section. Here you'll see a list of available scopes. Select only the scopes your integration requires. For example:

• If you're syncing orders: select read_orders
• If you're updating inventory: select write_inventory and read_inventory
• If you're managing products: select read_products and optionally write_products

Save your scope selections before proceeding to the next step.

Step 6: Review and Accept Terms

Shopify will display important information about your app's permissions and access. Review this carefully to ensure you understand what data your token can access. Accept the terms and conditions to proceed with generating your access token.

Step 7: Generate Your Access Token

Look for a button labeled "Install app" or "Generate token". Click this button, and Shopify will generate your access token. This token typically appears as a long string of characters that looks similar to this format:

shpat_abcdef123456789ghijklmnop

Important: Copy this token immediately and store it in a secure location. Shopify only displays it once, and you cannot retrieve it again after closing this page. If you lose your token, you'll need to regenerate a new one.

Step 8: Verify Your Store API Key

Your store's API key (also called the API credential) can be found in the same configuration section. It typically appears as a shorter alphanumeric string and is used in conjunction with your access token for API authentication. Make note of both your API key and API password (if applicable) from this screen.

Step 9: Test Your Token

Before implementing your token in production, test it by making a simple API call. Use the following curl example to verify your token works correctly:

curl -X GET "https://your-store-name.myshopify.com/admin/api/2024-01/products.json" \
  -H "X-Shopify-Access-Token: shpat_your_token_here"

Replace your-store-name with your actual store name and shpat_your_token_here with your generated access token. If successful, you should receive a JSON response containing your store's product data.

Step 10: Secure Storage and Implementation

Never hardcode your access token directly in your application code or commit it to version control. Instead, use environment variables or a secure secrets management system. For example, in a Node.js application:

const accessToken = process.env.SHOPIFY_ACCESS_TOKEN;
const shopName = process.env.SHOPIFY_SHOP_NAME;

const apiUrl = `https://${shopName}.myshopify.com/admin/api/2024-01/products.json`;

fetch(apiUrl, {
  headers: {
    'X-Shopify-Access-Token': accessToken
  }
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));

Using GetShopifyToken (Faster Method)

While the manual process works well, if you need to quickly set up multiple stores or integrate with various third-party platforms, GetShopifyToken at https://getshopifytoken.com automates the entire process. This service streamlines token generation, making it ideal for agencies managing multiple client stores or developers handling numerous integrations simultaneously.

GetShopifyToken handles the configuration complexity and allows you to generate tokens with appropriate scopes in just a few clicks, significantly reducing setup time and potential configuration errors. This is particularly valuable in 2026 when you're managing multiple integrations across different platforms.

Common Issues

• Token Not Displaying: Ensure you have admin access and app development is enabled in your store settings. Contact Shopify support if the option to create apps doesn't appear.
• Insufficient Permissions Error: Verify you've selected the correct scopes for your integration. Review your app configuration and add any missing scopes you need.
• 401 Unauthorized Responses: Check that your token hasn't expired, you're using the correct store URL format, and the token is being passed in the correct header format.
• Rate Limiting Issues: Shopify implements rate limiting on API calls. Implement exponential backoff in your code to handle rate limit responses gracefully.
• CORS Errors: If making requests from a browser, ensure your integration properly handles CORS. Consider making API calls from a backend server instead.
• Token Accidentally Exposed: If you believe your token has been compromised, immediately regenerate a new one through your app settings. The old token will be invalidated.
• API Version Compatibility: Ensure you're using a supported Shopify Admin API version. Older API versions may not support all current features.

Related Guides

• How to Set Up Shopify Webhooks for Real-Time Data Synchronization
• Shopify GraphQL API: A Complete Guide to Modern API Integration
• Best Practices for Securing Shopify API Credentials and Access Tokens

Frequently Asked Questions

Q: Can I use the same access token across multiple applications?

While technically possible, it's not recommended from a security standpoint. Best practice is to create separate custom apps with their own access tokens for each integration or application. This allows you to revoke access to one app without affecting others, and it makes it easier to track which applications are accessing your store data.

Q: How often should I rotate my Shopify access tokens?

Shopify access tokens don't expire automatically unless you revoke them manually. However, security best practices recommend rotating tokens periodically (annually or when team members leave). You should definitely rotate tokens if you suspect they've been compromised or if you need to restrict an application's access.

Q: What's the difference between a public app and a custom app?

Custom apps are designed for your specific store and cannot be shared with other merchants. Public apps are built for the Shopify App Store and can be installed by multiple stores. For most integrations, custom apps are the appropriate choice. Public apps require additional security reviews and compliance with Shopify's requirements.

Q: Can I regenerate an access token without creating a new app?

Yes. In your app's configuration settings, you should find a "Regenerate" or "Reset token" option. This will invalidate the old token and create a new one. However, note that this will temporarily interrupt any integrations using the old token, so coordinate the change with your implementation.

Q: Is there a limit to how many custom apps I can create?

Shopify doesn't impose a hard limit on the number of custom apps you can create per store. However, best practice is to consolidate related functionality into fewer apps rather than creating numerous single-purpose apps, as this simplifies management and reduces administrative overhead.