How to Get a Shopify Access Token for Shopify Admin API Library for Node

The Shopify Admin API Library for Node.js is one of the most powerful tools for developers looking to build custom applications, automations, and integrations with Shopify stores. Whether you're building a private app, public app, or custom integration, obtaining a valid Shopify access token is the critical first step. This comprehensive guide will walk you through multiple methods to get your token up and running in 2026.

The Shopify Admin API Library for Node provides a seamless way to interact with your store's data programmatically. However, without a properly configured access token with the correct scopes, your integration won't have the permissions it needs to function. This guide covers everything from quick token generation to advanced OAuth flows.

What You Need

• Node.js installed: Version 14.x or higher is recommended for compatibility with the latest Shopify Admin API Library
• npm or yarn: Package manager to install the Shopify Admin API Library dependency
• Shopify store: A development or live Shopify store where you have admin access
• Shopify Partner account: Required if creating a custom or public app (free to create at partners.shopify.com)
• Basic understanding of OAuth 2.0: Helpful for understanding token generation flows
• API credentials: Your app's API key and secret (provided by Shopify Partner dashboard)
• Secure environment variables: A .env file or secure vault to store sensitive tokens
• HTTPS endpoint: Required for OAuth redirect URI if using public apps

Quick Method (Recommended)

The fastest way to get a Shopify access token for your Node.js application is using https://getshopifytoken.com. This service streamlines the token generation process, eliminating the need to manually configure OAuth flows.

1. Visit https://getshopifytoken.com in your web browser
2. Enter your Shopify store URL (e.g., mystore.myshopify.com)
3. Select the required API scopes for your Node application (see the scopes section below)
4. Click "Generate Token" and authenticate with your Shopify admin account
5. Copy the generated access token to your clipboard
6. Store the token securely in your .env file as SHOPIFY_ACCESS_TOKEN=your_token_here
7. Install the Shopify Admin API Library: npm install @shopify/shopify-api
8. Reference the token in your Node.js application code

This method is ideal for:

• Custom apps that only need to work with one store
• Private integrations and internal tools
• Development and testing environments
• Developers who want to skip OAuth complexity

Advantages: No OAuth server required, instant token generation, minimal setup time, perfect for beginners

Manual OAuth Method

For public apps or multi-store applications, you'll need to implement the OAuth 2.0 flow manually. This method is more complex but provides a more secure, scalable solution for production applications.

Step 1: Create Your App in Shopify Partner Dashboard

1. Log in to your Shopify Partner account
2. Navigate to "Apps and integrations" in the left sidebar
3. Click "Create an app" and select "Create app manually"
4. Enter your app name (e.g., "My Node Store Sync")
5. Choose your app type: "Public" for multi-store or "Custom" for single-store
6. Click "Create app"

Step 2: Configure OAuth Settings

1. In your app dashboard, navigate to "Configuration"
2. Under "Admin API access scopes," select the scopes your Node application needs
3. Scroll to "Admin API credentials" and copy your API key and secret
4. Set your "Redirect URI" to your Node server's OAuth callback endpoint (e.g., https://yourapp.com/auth/callback)
5. Save your changes

Step 3: Implement OAuth Flow in Node.js

Here's a complete example of implementing the OAuth flow using Express.js with the Shopify Admin API Library:

const express = require('express');
const { shopifyApp } = require('@shopify/shopify-api');
require('dotenv').config();

const app = express();

// Initialize Shopify API
const shopify = shopifyApp({
  apiKey: process.env.SHOPIFY_API_KEY,
  apiSecret: process.env.SHOPIFY_API_SECRET,
  scopes: [
    'write_products',
    'read_products',
    'write_orders',
    'read_orders',
    'write_customers',
    'read_customers'
  ],
  host: 'myapp.com',
  isEmbeddedApp: false,
  distribution: 'PUBLIC',
});

// OAuth begin endpoint
app.get('/auth', async (req, res) => {
  const shop = req.query.shop;
  
  if (!shop) {
    res.status(400).send('Missing shop parameter');
    return;
  }

  const redirectUrl = await shopify.auth.begin({
    shop,
    callbackPath: '/auth/callback',
    isOnline: true,
  });

  res.redirect(redirectUrl);
});

// OAuth callback endpoint
app.get('/auth/callback', async (req, res) => {
  const session = await shopify.auth.validateAuthorizationUrl(req);
  
  if (!session) {
    res.status(401).send('Failed to validate authorization');
    return;
  }

  // Store session/token in your database
  const accessToken = session.accessToken;
  const shop = session.shop;
  
  // Save to database or environment
  console.log(`Access token for ${shop}: ${accessToken}`);
  
  res.send('Authorization successful! Your token has been saved.');
});

// Test API call using the token
app.get('/api/products', async (req, res) => {
  const client = new shopify.clients.Rest({
    session: {
      shop: 'mystore.myshopify.com',
      accessToken: process.env.SHOPIFY_ACCESS_TOKEN,
    },
  });

  const products = await client.get('products');
  res.json(products);
});

app.listen(3000, () => {
  console.log('OAuth server running on http://localhost:3000');
});

Step 4: Extract and Store Your Token

1. After completing the OAuth flow, your access token will be returned in the callback
2. Store this token securely in your environment variables or database
3. Never commit tokens to version control—always use .env files or secure vaults
4. Tokens remain valid until the app is uninstalled or permissions are revoked

Connecting Your Token to Shopify Admin API Library for Node

Once you have your access token, integrating it with the Shopify Admin API Library for Node is straightforward.

Installation

npm install @shopify/shopify-api

Basic Configuration

const { shopifyApp } = require('@shopify/shopify-api');
require('dotenv').config();

const shopify = shopifyApp({
  apiKey: process.env.SHOPIFY_API_KEY,
  apiSecret: process.env.SHOPIFY_API_SECRET,
  scopes: ['read_products', 'write_products'],
  host: process.env.SHOPIFY_HOST,
  isEmbeddedApp: false,
});

// Use your existing token
const client = new shopify.clients.Rest({
  session: {
    shop: 'mystore.myshopify.com',
    accessToken: process.env.SHOPIFY_ACCESS_TOKEN,
  },
});

// Make API calls
(async () => {
  const products = await client.get('products', {
    limit: 10,
  });
  console.log(products);
})();

Using GraphQL Instead of REST

const { shopifyApp } = require('@shopify/shopify-api');

const client = new shopify.clients.Graphql({
  session: {
    shop: 'mystore.myshopify.com',
    accessToken: process.env.SHOPIFY_ACCESS_TOKEN,
  },
});

const query = `
  {
    products(first: 10) {
      edges {
        node {
          id
          title
          handle
        }
      }
    }
  }
`;

(async () => {
  const response = await client.query({ data: query });
  console.log(response.body);
})();

Required Scopes for Shopify Admin API Library for Node

Scopes define what permissions your Node application has within the Shopify store. Always request only the scopes your app actually needs.

Scope	Purpose
read_products	Read product information, variants, images, and metadata
write_products	Create, update, and delete products and variants
read_orders	Access order data, line items, customer information, and fulfillment status
write_orders	Create, update, and manage orders and fulfillments
read_customers	View customer profile data, emails, and order history
write_customers	Create and modify customer records and contact information
read_inventory	Access inventory levels and stock information
write_inventory	Modify inventory levels and locations
read_fulfillments	View fulfillment and shipping information
write_fulfillments	Create and update fulfillment records
read_analytics	Access store analytics and reporting data
read_apps	View installed apps and extensions
write_apps	Manage app installations and settings

Troubleshooting

• Invalid API Key Error: Verify your API key matches exactly in the Partner Dashboard. Copy and paste to avoid typos.
• Token Expired: Access tokens remain valid indefinitely until the app is uninstalled. If expired, regenerate via OAuth or getshopifytoken.com
• Insufficient Scopes: If you receive permission errors, add the required scopes in your app configuration and re-authenticate
• Redirect URI Mismatch: Ensure your OAuth redirect URI exactly matches what's configured in the Partner Dashboard (including https://)
• Session Not Found: Verify your shop URL is correct and matches the format: mystore.myshopify.com
• Invalid Shop Error: Confirm the store exists and you have admin access
• CORS Issues: When using the API from client-side, proxy requests through your Node backend
• Rate Limiting: The Admin API allows 2 requests per second. Implement exponential backoff for retries
• .env File Not Loading: Ensure you've installed the dotenv package and called require('dotenv').config() at the top of your file
• Cannot Connect to Shop: Check your internet connection and verify the shop URL is accessible

Frequently Asked Questions

Q: Do I need a Shopify Partner account to get an access token?

For custom apps that only access a single store you own, no—you can use the "App and sales channel settings" directly in your Shopify admin. However, for public apps or testing with other stores, a Partner account is required. Using getshopifytoken.com bypasses this requirement entirely for development purposes.

Q: How long do Shopify access tokens last?

Access tokens generated through the Shopify Admin API have no expiration date. They remain valid indefinitely until the app is uninstalled, the access scope is changed, or you manually revoke the token in your app settings. This is different from session tokens which expire after 24 hours.

Q: Can I use the same token across multiple Node.js applications?

Yes, absolutely. A single access token can be used across multiple Node applications, scripts, and services as long as they all have secure access to the token. This is common in microservices architectures. However, store your token in a centralized secure location (like AWS Secrets Manager or HashiCorp Vault) rather than duplicating it across files.

Q: What's the difference between getshopifytoken.com and manual OAuth?

getshopifytoken.com is a quick, convenient service perfect for single-store integrations and development. Manual OAuth is more complex but necessary for public apps that serve multiple stores. For most Node.js developers starting out, getshopifytoken.com is recommended.

Q: Can I regenerate my access token if I lose it?

Yes. If you lose your token, you can regenerate it by either: (1) uninstalling and reinstalling the app, (2) using getshopifytoken.com again, or (3) repeating the OAuth flow. Your previous token becomes invalid once a new one is generated.

Q: Are there rate limits when using the Shopify Admin API Library for Node?

Yes. The standard rate limit is 2 API calls per second per access token. The library includes built-in rate limiting, but you should implement exponential backoff for retry logic. Monitor your bucket usage with the X-Shopify-Shop-Api-Call-Limit header in responses.