# StorefrontAccessToken
You can use the StorefrontAccessToken resource to generate storefront access tokens. Storefront access tokens are
used to delegate unauthenticated access scopes to clients that need to access the unautheticated Storefront API. A sales channel
can generate a storefront access token and then pass it to a consuming client, such as JavaScript or a mobile application.
Note
Storefront access tokens are allocated on a per shop basis, and an application can have a maximum of 100 active Storefront access tokens per shop.
A storefront access token inherits all of the unauthenticated access
scopes from the app that creates it. If the app has not been granted any unauthenticated access scopes, then
creating the storefront access token will fail.
## Resource Properties
### StorefrontAccessToken
* id: Unique id
that identifies a token and is used to perform operations on it.
* Type: x-string
* Example: {"id"=>1053727709}
* access_token: The issued public access token.
* Type: x-string
* Example: {"access_token"=>"4f12cc6de73079c2c92ef4bef9e3c68a"}
* access_scope: An application-dependant, comma separated list of permissions associated with the token.
* Type: x-string
* Example: {"access_scope"=>"unauthenticated_read_product_listings"}
* created_at: The date and time when the public access token was created. The API returns this value in ISO 8601 format.
* Type: x-string
* Example: {"created_at"=>"2016-11-10T15:15:47-05:00"}
* title: An arbitrary title for each token determined by the developer/application, used for reference purposes.
Note
No constraint on uniqueness.
* Type: x-string
* Example: {"title"=>"Test"}
## Creates a new StorefrontAccessToken
Creates a new storefront access token
### Endpoint
/admin/api/#{api_version}/storefront_access_tokens.json (POST)
### Parameters
* api_version (required):
### Responses
#### 200
Creates a new StorefrontAccessToken
Examples:
##### Create a new storefront access token
Request:
```
POST /admin/api/unstable/storefront_access_tokens.json
{"storefront_access_token":{"title":"Test"}}
```
Response:
```
HTTP/1.1 200 OK
{"storefront_access_token":{"access_token":"58ce44faa12e743cfcfe77d34d5a39e8","access_scope":"unauthenticated_read_product_listings","created_at":"2025-01-02T11:39:14-05:00","id":1003304090,"admin_graphql_api_id":"gid://shopify/StorefrontAccessToken/1003304090","title":"Test"}}
```
#### 400
Creates a new StorefrontAccessToken
Examples:
##### Creating a token after exceeding the limit fails
Request:
```
POST /admin/api/unstable/storefront_access_tokens.json
{"storefront_access_token":{"title":"Token"}}
```
Response:
```
HTTP/1.1 400 Bad Request
{"errors":["Api permission exceeds public access token limit of: 100"]}
```
#### 403
Creates a new StorefrontAccessToken
Examples:
##### Generating a token for an app that lacks required unauthenticated scopes fails
Request:
```
POST /admin/api/unstable/storefront_access_tokens.json
{"storefront_access_token":{"title":"Test"}}
```
Response:
```
HTTP/1.1 403 Forbidden
{"errors":"App must be extendable to create a storefront access token."}
```
## Retrieves a list of storefront access tokens that have been issued
Retrieves a list of storefront access tokens that have been issued
### Endpoint
/admin/api/#{api_version}/storefront_access_tokens.json (GET)
### Parameters
* api_version (required):
### Responses
#### 200
Retrieves a list of storefront access tokens that have been issued
Examples:
##### Retrieve a list of storefront access tokens that have been issued
Request:
```
GET /admin/api/unstable/storefront_access_tokens.json
```
Response:
```
HTTP/1.1 200 OK
{"storefront_access_tokens":[{"access_token":"378d95641257a4ab3feff967ee234f4d","access_scope":"unauthenticated_read_product_listings","created_at":"2025-01-02T11:38:15-05:00","id":755357713,"admin_graphql_api_id":"gid://shopify/StorefrontAccessToken/755357713","title":"API Client Extension"}]}
```
## Deletes an existing storefront access token
Deletes an existing storefront access token
### Endpoint
/admin/api/#{api_version}/storefront_access_tokens/{storefront_access_token_id}.json (DELETE)
### Parameters
* api_version (required):
* storefront_access_token_id (required):
### Responses
#### 200
Deletes an existing storefront access token
Examples:
##### Delete an existing storefront access token
Request:
```
DELETE /admin/api/unstable/storefront_access_tokens/755357713.json
```
Response:
```
HTTP/1.1 200 OK
```