Authenticate your agent

Before you build out your agentic experience, you need to create a new JSON Web Token (JWT) that will be used in tool calls.

Anchor to RequirementsRequirements

• Access to Shopify's Dev Dashboard to generate API credentials

Anchor to Generate API credentialsGenerate API credentials

Get your client credentials and generate API keys to authenticate with the Catalog MCP server.

1. In Dev Dashboard click Catalogs from the sidebar.

2. Click Get an API key. Name your key, and then click Create.

3. Obtain your client credentials (client ID and secret) for the newly created key.

   

4. Make a POST request to the token endpoint to generate a JWT-formatted bearer token you'll use for subsequent requests:

   Terminal

   Copy

   9

   1

   2

   3

   4

   5

   6

   7

   8

   curl --request POST \

   --url https://api.shopify.com/auth/access_token \

   --header 'Content-Type: application/json' \

   --data '{

   "client_id": "{your_client_id}",

   "client_secret": "{your_client_secret}",

   "grant_type": "client_credentials",

   }'

5. Create a .env file and add your token:

   .env

   Copy

   9

   1

   BEARER_TOKEN={your_token}
   Tokens

   Do not commit this sensitive token. It's included in a .env file here to help you through this tutorial easily, but also assuming that you are following best practices and not committing this file.

   This token will also expire, so if you plan on continuing to use .env files you will need to update its value regularly. Alternatively you can integrate token generation alongside the steps that follow to refresh and use on each request.

   See the Catalog MCP Authentication reference for more information.

Anchor to Next stepsNext steps

Search the catalog

Now that you're authenticated, you're ready to search Shopify Catalog.