OAuth overview

OAuth 2.0 is the industry-standard protocol for authorizing or giving permissions to apps. This differs from authentication, which is the process of verifying the identity of the user or the app. The following video illustrates how OAuth works in Shopify:

Shopify uses OAuth 2.0’s authorization code grant flow to issue access tokens on behalf of users. The OAuth flow is used so that merchants can authorize Shopify apps to access data in a store. For example, an app might be authorized to access orders and product data in a store.

The following diagram illustrates the OAuth flow based on the actions of the merchant, your app, and Shopify:

1. The merchant makes a request to install the app.

2. The app redirects to Shopify to load the OAuth grant screen and requests the merchant to authorize the required scopes.

3. The merchant authorizes the app by consenting to the requested scopes.

4. The app receives an authorization grant. This is a temporary credential representing the authorization.

5. The app requests an access token by authenticating with Shopify and presenting the authorization grant.

6. Shopify authenticates the app, validates the authorization grant, and then issues and returns an access token. The app can now request data from Shopify.

7. The app uses the access token to make requests to the Shopify API.

8. Shopify validates the access token and returns the requested data.

• Authorize an app that was created in the Partner Dashboard or Shopify CLI using OAuth.