Session tokens overview
Embedded apps in the Shopify admin authenticate using OAuth and session tokens. This guide is for developing embedded apps. It covers why Shopify is migrating from cookies to session tokens and the migration timeline.
Why Shopify is migrating to session tokens
Browsers that restrict cross-domain data access to protect privacy will prevent data transfer between an embedded app and Shopify. This is because the embedded app is hosted in an iframe on a different domain than the Shopify admin.
For more information about the measures taken to remove third-party cookie support by browsers, refer to the following articles:
Timeline for migrating to session tokens
As of April 2021, new submissions for embedded apps are required to use session tokens.
Looking forward, browsers will continue to implement restrictions on cookies, which will break embedded apps still relying on cookies.
- Learn about the technical details of session tokens and the role that they play in authenticating an embedded Shopify app.