How to Get a Shopify Access Token for Admin API Integration
Getting a Shopify access token is essential for developers and business owners who want to integrate custom applications with their Shopify store. Whether you're building a private app, connecting third-party tools, or automating store management, understanding how to obtain and manage your Shopify admin token is crucial for secure API access in 2026.
This comprehensive guide walks you through every step of the process, from prerequisites to troubleshooting common issues. By the end, you'll have a working admin token ready for your integration projects.
What You Need
- A Shopify store (development or production store)
- Admin access to your Shopify store
- Basic understanding of REST APIs and authentication
- A text editor or development environment for storing your token securely
- A secure method to store sensitive credentials (environment variables, secrets manager, or vault)
- Either the Shopify Admin dashboard access or CLI tools installed
- Knowledge of which API scopes your integration requires
- HTTPS protocol capability for secure token transmission
Required API Scopes
Before generating your token, determine which scopes your application needs. Scopes define what permissions your app has to access Shopify store data. Always request the minimum scopes necessary for security best practices.
| Scope | What It Allows |
|---|---|
write_products |
Create, modify, and delete products in your store |
read_orders |
View order details, customer information, and transaction history |
write_orders |
Create and modify orders, process fulfillments, and manage order status |
read_customers |
Access customer data including contact information and purchase history |
write_customers |
Create new customers, update customer information, and manage customer accounts |
Step-by-Step Guide
Follow these steps to generate your Shopify access token manually through the admin dashboard:
Step 1: Log Into Your Shopify Admin Dashboard
Navigate to your Shopify store's admin panel at https://admin.shopify.com and log in with your store credentials. Ensure you have admin-level permissions; staff members with limited access won't be able to create apps or tokens.
Step 2: Navigate to Apps and Integrations
In the left sidebar, find the "Apps" section (the exact location may vary slightly depending on your Shopify plan). Click on "Apps and integrations" to access the app management area where you can create private apps or custom applications.
Step 3: Create a New App
Look for the button labeled "Create an app" or "Develop apps." In 2026, Shopify may have updated this interface, but the basic workflow remains consistent. Click to start the app creation process.
Step 4: Name Your Application
Enter a descriptive name for your application (e.g., "Inventory Sync Tool" or "Custom Analytics Dashboard"). This helps you identify the app's purpose later, especially if you manage multiple tokens.
Step 5: Select App Type and Configure Admin Access
Choose whether you're creating a public app or a custom private app. For most cases, a private app is sufficient. Then, define the required API scopes based on your integration needs. Only request the permissions your app actually requires.
Step 6: Generate Your Access Token
After configuring scopes, Shopify generates your admin access token. This token will appear only once, so copy it immediately and store it securely. Never share this token or commit it to version control systems.
Step 7: Test Your Token with an API Call
Verify your token works by making a test API request. Use the curl command below, replacing the placeholders with your actual store URL and token:
curl -X GET "https://your-store.myshopify.com/admin/api/2024-01/shop.json" \
-H "X-Shopify-Access-Token: shpat_your_token_here"A successful response returns your shop information in JSON format. If you receive an error, double-check that:
- Your token is entered correctly with no extra spaces
- The store URL matches your actual Shopify domain
- The API version (2024-01 in this example) is currently supported
- Your token has the required scopes for this endpoint
Step 8: Store Your Token Securely
Save your token in a secure location using one of these methods:
- Environment variables: Store in a
.envfile (never commit to Git) - Secrets manager: Use AWS Secrets Manager, Azure Key Vault, or similar services
- Configuration files: Keep in a protected server directory with restricted permissions
- Password manager: Use tools like 1Password or LastPass for team access
Using GetShopifyToken (Faster Method)
If you want to streamline the token generation process, GetShopifyToken.com provides an automated solution that handles the entire workflow for you. Instead of manually navigating the Shopify admin dashboard and managing configuration details, GetShopifyToken automates app creation and token generation, getting you up and running in minutes rather than steps.
This service is particularly valuable if you manage multiple Shopify stores or need to generate tokens frequently. It eliminates manual steps while maintaining security best practices, making it an excellent choice for developers and agencies working with multiple Shopify integrations.
Common Issues
- Token appears only once: If you didn't copy your token immediately, you'll need to regenerate it. Delete the current token and create a new one.
- "Unauthorized" errors in API calls: Verify your token is correct and has the required scopes. Check the X-Shopify-Access-Token header is properly formatted.
- Scope permission denied: Your token lacks permissions for that endpoint. Add the necessary scope and regenerate your token.
- API version not found: Ensure you're using a currently supported API version. Shopify deprecates old versions periodically.
- Token not working after store changes: If your store plan changed or was migrated, regenerate your token as permissions may have shifted.
- CORS errors in browser-based requests: Shopify Admin API doesn't support browser requests. Always make API calls from a secure backend server.
- Rate limiting: If you exceed API rate limits, implement exponential backoff in your requests and optimize your API usage patterns.
Related Guides
- How to Use Shopify Admin API with Python - Build Python applications that interact with your store data
- Shopify Webhook Setup Guide - Configure real-time event notifications for store changes
- Managing Multiple Shopify Store Tokens - Best practices for agencies handling numerous store integrations
Frequently Asked Questions
Q: Is my Shopify access token the same as my API key?
No. In Shopify's 2026 architecture, access tokens and API keys are distinct. Access tokens are used for API authentication (what you generate following this guide), while API keys may refer to other credentials used in different contexts. Always use your access token for REST API calls to the Admin API.
Q: How often should I regenerate my access token?
There's no mandatory expiration for Shopify access tokens, but security best practices suggest rotating them annually or if you suspect compromise. If a team member leaves, immediately regenerate tokens they had access to. You can have multiple active tokens for the same app to facilitate rotation.
Q: Can I use the same token for multiple applications?
While technically possible, it's not recommended. Create separate tokens for each application or integration. This limits damage if one token is compromised and makes debugging easier when troubleshooting API issues. It also aligns with the principle of least privilege in security.