Skip to main content

The REST Admin API is a legacy API as of October 1, 2024. Starting April 1, 2025, all new public apps must be built exclusively with the GraphQL Admin API. For details and migration steps, visit our migration guide.

StorefrontAccessToken

You can use the StorefrontAccessToken resource to generate storefront access tokens. Storefront access tokens are used to delegate unauthenticated access scopes to clients that need to access the unautheticated Storefront API. A sales channel can generate a storefront access token and then pass it to a consuming client, such as JavaScript or a mobile application.

Note

Storefront access tokens are allocated on a per shop basis, and an application can have a maximum of 100 active Storefront access tokens per shop.

A storefront access token inherits all of the unauthenticated access scopes from the app that creates it. If the app has not been granted any unauthenticated access scopes, then creating the storefront access token will fail.

Was this section helpful?
#

Endpoints

Anchor to

The StorefrontAccessToken resource

Anchor to

Properties

id
read-only
->
id

Unique id that identifies a token and is used to perform operations on it.

access_token
read-only
->
accessToken

The issued public access token.

access_scope
read-only
->
accessScopes

An application-dependant, comma separated list of permissions associated with the token.

created_at
read-only
->
createdAt

The date and time when the public access token was created. The API returns this value in ISO 8601 format.

title
->
title

An arbitrary title for each token determined by the developer/application, used for reference purposes.

Note

No constraint on uniqueness.

Was this section helpful?
{}

The StorefrontAccessToken resource

{
"id": {
"id": 1053727709
},
"access_token": {
"access_token": "4f12cc6de73079c2c92ef4bef9e3c68a"
},
"access_scope": {
"access_scope": "unauthenticated_read_product_listings"
},
"created_at": {
"created_at": "2016-11-10T15:15:47-05:00"
},
"title": {
"title": "Test"
}
}

Anchor to POST request, Creates a new StorefrontAccessToken
post
Creates a new StorefrontAccessToken

storefrontAccessTokenCreate

Creates a new storefront access token

Anchor to Parameters of Creates a new StorefrontAccessTokenParameters

api_version
string
required
Was this section helpful?

Anchor to post-storefront-access-tokens-examplesExamples

Create a new storefront access token

Request body
storefront_access_token
Storefront_access_token resource
Show storefront_access_token properties
storefront_access_token.title:"Test"
->
title

An arbitrary title for each token determined by the developer/application, used for reference purposes.

Note

No constraint on uniqueness.

Creating a token after exceeding the limit fails

Request body
storefront_access_token
Storefront_access_token resource
Show storefront_access_token properties
storefront_access_token.title:"Token"
->
title

An arbitrary title for each token determined by the developer/application, used for reference purposes.

Note

No constraint on uniqueness.

Generating a token for an app that lacks required unauthenticated scopes fails

Request body
storefront_access_token
Storefront_access_token resource
Show storefront_access_token properties
storefront_access_token.title:"Test"
->
title

An arbitrary title for each token determined by the developer/application, used for reference purposes.

Note

No constraint on uniqueness.

Was this section helpful?
post

/admin/api/2025-07/storefront_access_tokens.json

curl -d '{"storefront_access_token":{"title":"Test"}}' \
-X POST "https://your-development-store.myshopify.com/admin/api/2025-07/storefront_access_tokens.json" \
-H "X-Shopify-Access-Token: {access_token}" \
-H "Content-Type: application/json"

{}

Response

JSON
HTTP/1.1 200 OK
{
"storefront_access_token": {
"access_token": "93781b58aa32d226961b449333894a65",
"access_scope": "unauthenticated_read_product_listings",
"created_at": "2025-07-01T14:31:03-04:00",
"id": 1003304090,
"admin_graphql_api_id": "gid://shopify/StorefrontAccessToken/1003304090",
"title": "Test"
}
}

Anchor to GET request, Retrieves a list of storefront access tokens that have been issued
get
Retrieves a list of storefront access tokens that have been issued

shop

Retrieves a list of storefront access tokens that have been issued

Anchor to Parameters of Retrieves a list of storefront access tokens that have been issuedParameters

api_version
string
required
Was this section helpful?

Anchor to get-storefront-access-tokens-examplesExamples

Retrieve a list of storefront access tokens that have been issued

Was this section helpful?
get

/admin/api/2025-07/storefront_access_tokens.json

curl -X GET "https://your-development-store.myshopify.com/admin/api/2025-07/storefront_access_tokens.json" \
-H "X-Shopify-Access-Token: {access_token}"

{}

Response

JSON
HTTP/1.1 200 OK
{
"storefront_access_tokens": [
{
"access_token": "378d95641257a4ab3feff967ee234f4d",
"access_scope": "unauthenticated_read_product_listings",
"created_at": "2025-07-01T14:28:21-04:00",
"id": 755357713,
"admin_graphql_api_id": "gid://shopify/StorefrontAccessToken/755357713",
"title": "API Client Extension"
}
]
}

Anchor to DELETE request, Deletes an existing storefront access token
del
Deletes an existing storefront access token

storefrontAccessTokenDelete

Deletes an existing storefront access token

Anchor to Parameters of Deletes an existing storefront access tokenParameters

api_version
string
required
storefront_access_token_id
string
required
Was this section helpful?

Anchor to delete-storefront-access-tokens-storefront-access-token-id-examplesExamples

Delete an existing storefront access token

Path parameters
storefront_access_token_id=755357713
string
required
Was this section helpful?
del

/admin/api/2025-07/storefront_access_tokens/755357713.json

curl -X DELETE "https://your-development-store.myshopify.com/admin/api/2025-07/storefront_access_tokens/755357713.json" \
-H "X-Shopify-Access-Token: {access_token}"

{}

Response

JSON
HTTP/1.1 200 OK