# StorefrontAccessToken <p>You can use the StorefrontAccessToken resource to generate storefront access tokens. Storefront access tokens are used to delegate unauthenticated access scopes to clients that need to access the unautheticated Storefront API. A sales channel can generate a storefront access token and then pass it to a consuming client, such as JavaScript or a mobile application.</p> <div class="note"> <h4>Note</h4> <p>Storefront access tokens are allocated on a per shop basis, and an application can have a maximum of 100 active Storefront access tokens per shop.</p> </div> <p>A storefront access token inherits all of the <a href="/docs/storefront-api/access-scopes">unauthenticated access scopes</a> from the app that creates it. If the app has not been granted any unauthenticated access scopes, then creating the storefront access token will fail.</p> ## Resource Properties ### StorefrontAccessToken * id: Unique <code>id</code> that identifies a token and is used to perform operations on it. * Type: x-string * Example: {"id"=>1053727709} * access_token: The issued public access token. * Type: x-string * Example: {"access_token"=>"4f12cc6de73079c2c92ef4bef9e3c68a"} * access_scope: An application-dependant, comma separated list of permissions associated with the token. * Type: x-string * Example: {"access_scope"=>"unauthenticated_read_product_listings"} * created_at: The date and time when the public access token was created. The API returns this value in <a href='//en.wikipedia.org/wiki/ISO_8601' target="_blank">ISO 8601 format</a>. * Type: x-string * Example: {"created_at"=>"2016-11-10T15:15:47-05:00"} * title: An arbitrary title for each token determined by the developer/application, used for reference purposes. <div class="note"> <h4>Note</h4> <p>No constraint on uniqueness.</p> </div> * Type: x-string * Example: {"title"=>"Test"} ## Creates a new StorefrontAccessToken Creates a new storefront access token ### Endpoint /admin/api/#{api_version}/storefront_access_tokens.json (POST) ### Parameters * api_version (required): ### Responses #### 200 Creates a new StorefrontAccessToken Examples: ##### Create a new storefront access token Request: ``` POST /admin/api/unstable/storefront_access_tokens.json {"storefront_access_token":{"title":"Test"}} ``` Response: ``` HTTP/1.1 200 OK {"storefront_access_token":{"access_token":"58ce44faa12e743cfcfe77d34d5a39e8","access_scope":"unauthenticated_read_product_listings","created_at":"2025-01-02T11:39:14-05:00","id":1003304090,"admin_graphql_api_id":"gid://shopify/StorefrontAccessToken/1003304090","title":"Test"}} ``` #### 400 Creates a new StorefrontAccessToken Examples: ##### Creating a token after exceeding the limit fails Request: ``` POST /admin/api/unstable/storefront_access_tokens.json {"storefront_access_token":{"title":"Token"}} ``` Response: ``` HTTP/1.1 400 Bad Request {"errors":["Api permission exceeds public access token limit of: 100"]} ``` #### 403 Creates a new StorefrontAccessToken Examples: ##### Generating a token for an app that lacks required unauthenticated scopes fails Request: ``` POST /admin/api/unstable/storefront_access_tokens.json {"storefront_access_token":{"title":"Test"}} ``` Response: ``` HTTP/1.1 403 Forbidden {"errors":"App must be extendable to create a storefront access token."} ``` ## Retrieves a list of storefront access tokens that have been issued Retrieves a list of storefront access tokens that have been issued ### Endpoint /admin/api/#{api_version}/storefront_access_tokens.json (GET) ### Parameters * api_version (required): ### Responses #### 200 Retrieves a list of storefront access tokens that have been issued Examples: ##### Retrieve a list of storefront access tokens that have been issued Request: ``` GET /admin/api/unstable/storefront_access_tokens.json ``` Response: ``` HTTP/1.1 200 OK {"storefront_access_tokens":[{"access_token":"378d95641257a4ab3feff967ee234f4d","access_scope":"unauthenticated_read_product_listings","created_at":"2025-01-02T11:38:15-05:00","id":755357713,"admin_graphql_api_id":"gid://shopify/StorefrontAccessToken/755357713","title":"API Client Extension"}]} ``` ## Deletes an existing storefront access token Deletes an existing storefront access token ### Endpoint /admin/api/#{api_version}/storefront_access_tokens/{storefront_access_token_id}.json (DELETE) ### Parameters * api_version (required): * storefront_access_token_id (required): ### Responses #### 200 Deletes an existing storefront access token Examples: ##### Delete an existing storefront access token Request: ``` DELETE /admin/api/unstable/storefront_access_tokens/755357713.json ``` Response: ``` HTTP/1.1 200 OK ```