Authentication and authorization overview
This guide introduces the different methods of authenticating and authorizing apps with Shopify’s platform. Make sure that you understand the differences between the types of authentication and authorization schemes before you begin your development process.
Authentication vs authorization
Authentication is the process of verifying the identity of the user or the app. To keep transactions on Shopify’s platform safe and secure, all apps connecting with Shopify APIs must authenticate when making API requests.
Authorization is the process of giving permissions to apps. Merchants can authorize Shopify apps to access data in a store. For example, an app might be authorized to access orders and product data in a store.
Types of authentication and authorization methods
Different types of apps use different authentication or authorization methods:
- Public apps use OAuth.
- Public apps that are embedded in the Shopify admin use OAuth and session tokens.
- Custom apps created in the Partner Dashboard use OAuth.
- Custom apps created in the Partner Dashboard that are then embedded in the Shopify admin use OAuth and session tokens.
- Custom apps that are created in the Shopify admin use access tokens that are generated in the Shopify admin.

- Authorize your public app or custom app that was created in the Partner Dashboard using OAuth.
- Authenticate your admin-created custom app with access tokens.
- Authenticate your embedded app using session tokens.