---
title: Authenticate your agent
description: >-
  Learn how to generate API credentials and authenticate your agent with
  Shopify's MCP servers.
source_url:
  html: 'https://shopify.dev/docs/agents/get-started/authentication'
  md: 'https://shopify.dev/docs/agents/get-started/authentication.md'
---

# Authenticate your agent

Shopify provides a global access token that authenticates your agent with both the [Catalog](https://shopify.dev/docs/agents/catalog/mcp) and [Checkout](https://shopify.dev/docs/agents/checkout/mcp) MCP servers. You can generate this token from the Dev Dashboard using your client credentials.

This tutorial shows you how to create API credentials, generate a JWT-formatted bearer token, and store it for use in subsequent requests.

***

## Requirements

* Access to [Shopify's Dev Dashboard](https://dev.shopify.com/dashboard) to generate API credentials

***

## Generate API credentials

Get your client credentials and generate API keys to authenticate with the Catalog MCP server.

1. In [Dev Dashboard](https://dev.shopify.com/dashboard/) click **Catalogs** from the sidebar.

2. Click **Get an API key**. Name your key, and then click **Create**.

3. Obtain your client credentials (client ID and secret) for the newly created key.

   ![Dev Dashboard showing API key generation interface](https://shopify.dev/assets/assets/images/agents/dev-dash-agents-apikeys-DN1xCsuV.png)

4. Make a `POST` request to the token endpoint to generate a JWT-formatted bearer token you'll use for subsequent requests:

   ## Terminal

   ```bash
   curl --request POST \
     --url https://api.shopify.com/auth/access_token \
     --header 'Content-Type: application/json' \
     --data '{
       "client_id": "{your_client_id}",
       "client_secret": "{your_client_secret}",
       "grant_type": "client_credentials"
     }'
   ```

5. Create a `.env` file and add your token:

   ## .env

   ```bash
   BEARER_TOKEN={your_token}
   ```

   **Tokens:**

   Don't commit this sensitive token. It's included in a `.env` file here to help you through this tutorial easily, but it's assumed that you're following best practices and not committing this file.

   This token also expires, so if you plan on continuing to use `.env` files you'll need to update its value regularly. You can also integrate token generation just before requests are made in the steps to keep them from expiring.

   See the [Catalog MCP Authentication reference](https://shopify.dev/docs/agents/catalog/mcp#authenticate) for more information.

***

## Next steps

[Search the catalog\
\
](https://shopify.dev/docs/agents/get-started/search-catalog)

[Now that you're authenticated, you're ready to search Shopify Catalog.](https://shopify.dev/docs/agents/get-started/search-catalog)

***