--- title: StorefrontAccessToken description: Generate a storefront access token to access the Storefront API. api_version: unstable api_name: admin-rest api_type: rest source_url: html: https://shopify.dev/docs/api/admin-rest/unstable/resources/storefrontaccesstoken md: https://shopify.dev/docs/api/admin-rest/unstable/resources/storefrontaccesstoken.md --- ![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg) The REST Admin API is a legacy API as of October 1, 2024. Starting April 1, 2025, all new public apps must be built exclusively with the [GraphQL Admin API](https://shopify.dev/docs/api/admin-graphql). For details and migration steps, visit our [migration guide](https://shopify.dev/docs/apps/build/graphql/migrate). # Storefront​Access​Token You can use the StorefrontAccessToken resource to generate storefront access tokens. Storefront access tokens are used to delegate unauthenticated access scopes to clients that need to access the unautheticated Storefront API. A sales channel can generate a storefront access token and then pass it to a consuming client, such as JavaScript or a mobile application. Note Storefront access tokens are allocated on a per shop basis, and an application can have a maximum of 100 active Storefront access tokens per shop. A storefront access token inherits all of the [unauthenticated access scopes](https://shopify.dev/docs/storefront-api/access-scopes) from the app that creates it. If the app has not been granted any unauthenticated access scopes, then creating the storefront access token will fail. \# ## Endpoints * [post](https://shopify.dev/docs/api/admin-rest/unstable/resources/storefrontaccesstoken#post-storefront-access-tokens) [/admin/api/unstable/storefront\_​access\_​tokens.​json](https://shopify.dev/docs/api/admin-rest/unstable/resources/storefrontaccesstoken#post-storefront-access-tokens) Creates a new StorefrontAccessToken [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/mutations/storefrontAccessTokenCreate?example=creates-a-new-storefrontaccesstoken) [storefrontAccessTokenCreate](https://shopify.dev/docs/api/admin-graphql/latest/mutations/storefrontAccessTokenCreate?example=creates-a-new-storefrontaccesstoken) * [get](https://shopify.dev/docs/api/admin-rest/unstable/resources/storefrontaccesstoken#get-storefront-access-tokens) [/admin/api/unstable/storefront\_​access\_​tokens.​json](https://shopify.dev/docs/api/admin-rest/unstable/resources/storefrontaccesstoken#get-storefront-access-tokens) Retrieves a list of storefront access tokens that have been issued [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/queries/shop?example=retrieves-a-list-of-storefront-access-tokens-that-have-been-issued) [shop](https://shopify.dev/docs/api/admin-graphql/latest/queries/shop?example=retrieves-a-list-of-storefront-access-tokens-that-have-been-issued) * [del](https://shopify.dev/docs/api/admin-rest/unstable/resources/storefrontaccesstoken#delete-storefront-access-tokens-storefront-access-token-id) [/admin/api/unstable/storefront\_​access\_​tokens/{storefront\_​access\_​token\_​id}.​json](https://shopify.dev/docs/api/admin-rest/unstable/resources/storefrontaccesstoken#delete-storefront-access-tokens-storefront-access-token-id) Deletes an existing storefront access token [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/mutations/storefrontAccessTokenDelete?example=deletes-an-existing-storefront-access-token) [storefrontAccessTokenDelete](https://shopify.dev/docs/api/admin-graphql/latest/mutations/storefrontAccessTokenDelete?example=deletes-an-existing-storefront-access-token) *** ## The StorefrontAccessToken resource ### Properties *** id read-only -> [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.id) [id](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.id) Unique `id` that identifies a token and is used to perform operations on it. *** access\_token read-only -> [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.accessToken) [accessToken](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.accessToken) The issued public access token. *** access\_scope read-only -> [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.accessScopes) [accessScopes](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.accessScopes) An application-dependant, comma separated list of permissions associated with the token. *** created\_at read-only -> [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.createdAt) [createdAt](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.createdAt) The date and time when the public access token was created. The API returns this value in [ISO 8601 format](https://en.wikipedia.org/wiki/ISO_8601). *** title -> [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.title) [title](https://shopify.dev/docs/api/admin-graphql/latest/objects/StorefrontAccessToken#field-StorefrontAccessToken.fields.title) An arbitrary title for each token determined by the developer/application, used for reference purposes. Note No constraint on uniqueness. *** {} ## The StorefrontAccessToken resource ```json { "id": { "id": 1053727709 }, "access_token": { "access_token": "4f12cc6de73079c2c92ef4bef9e3c68a" }, "access_scope": { "access_scope": "unauthenticated_read_product_listings" }, "created_at": { "created_at": "2016-11-10T15:15:47-05:00" }, "title": { "title": "Test" } } ``` *** ## postCreates a new Storefront​Access​Token [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/mutations/storefrontAccessTokenCreate?example=creates-a-new-storefrontaccesstoken) [storefrontAccessTokenCreate](https://shopify.dev/docs/api/admin-graphql/latest/mutations/storefrontAccessTokenCreate?example=creates-a-new-storefrontaccesstoken) Creates a new storefront access token ### Parameters *** api\_version string required *** ### Examples Create a new storefront access token Request body storefront\_​access\_​token​ Storefront\_access\_token resource Show storefront\_access\_token properties storefront\_​access\_​token.title:​"Test" -> [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/input-objects/StorefrontAccessTokenInput#fields-title) [title](https://shopify.dev/docs/api/admin-graphql/latest/input-objects/StorefrontAccessTokenInput#fields-title) An arbitrary title for each token determined by the developer/application, used for reference purposes. Note No constraint on uniqueness. Creating a token after exceeding the limit fails Request body storefront\_​access\_​token​ Storefront\_access\_token resource Show storefront\_access\_token properties storefront\_​access\_​token.title:​"Token" -> [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/input-objects/StorefrontAccessTokenInput#fields-title) [title](https://shopify.dev/docs/api/admin-graphql/latest/input-objects/StorefrontAccessTokenInput#fields-title) An arbitrary title for each token determined by the developer/application, used for reference purposes. Note No constraint on uniqueness. Generating a token for an app that lacks required unauthenticated scopes fails Request body storefront\_​access\_​token​ Storefront\_access\_token resource Show storefront\_access\_token properties storefront\_​access\_​token.title:​"Test" -> [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/input-objects/StorefrontAccessTokenInput#fields-title) [title](https://shopify.dev/docs/api/admin-graphql/latest/input-objects/StorefrontAccessTokenInput#fields-title) An arbitrary title for each token determined by the developer/application, used for reference purposes. Note No constraint on uniqueness. post ## /admin/api/unstable/storefront\_​access\_​tokens.​json ```bash curl -d '{"storefront_access_token":{"title":"Test"}}' \ -X POST "https://your-development-store.myshopify.com/admin/api/unstable/storefront_access_tokens.json" \ -H "X-Shopify-Access-Token: {access_token}" \ -H "Content-Type: application/json" ``` {} ## Response JSON ```json HTTP/1.1 200 OK { "storefront_access_token": { "access_token": "cefcc97573067dc5dcede1219e4dbdbf", "access_scope": "unauthenticated_read_product_listings", "created_at": "2025-10-01T15:04:26-04:00", "id": 1003303990, "admin_graphql_api_id": "gid://shopify/StorefrontAccessToken/1003303990", "title": "Test" } } ``` ### examples * #### Create a new storefront access token ##### ```curl curl -d '{"storefront_access_token":{"title":"Test"}}' \ -X POST "https://your-development-store.myshopify.com/admin/api/unstable/storefront_access_tokens.json" \ -H "X-Shopify-Access-Token: {access_token}" \ -H "Content-Type: application/json" ``` ##### ```remix import { DataType } from '@shopify/shopify-api'; const client = new shopify.clients.Rest({session}); const data = await client.post({ path: 'storefront_access_tokens', data: {"storefront_access_token":{"title":"Test"}}, type: DataType.JSON, }); ``` ##### ```ruby session = ShopifyAPI::Auth::Session.new( shop: "your-development-store.myshopify.com", access_token: access_token ) client = ShopifyAPI::Clients::Rest::Admin.new( session: session ) response = client.post( path: 'storefront_access_tokens', body: { "storefront_access_token": { "title": "Test" } }, ) ``` ##### ```node import { DataType } from '@shopify/shopify-api'; const client = new shopify.clients.Rest({session}); const data = await client.post({ path: 'storefront_access_tokens', data: {"storefront_access_token":{"title":"Test"}}, type: DataType.JSON, }); ``` #### response ```json HTTP/1.1 200 OK{"storefront_access_token":{"access_token":"cefcc97573067dc5dcede1219e4dbdbf","access_scope":"unauthenticated_read_product_listings","created_at":"2025-10-01T15:04:26-04:00","id":1003303990,"admin_graphql_api_id":"gid://shopify/StorefrontAccessToken/1003303990","title":"Test"}} ``` * #### Creating a token after exceeding the limit fails ##### ```curl curl -d '{"storefront_access_token":{"title":"Token"}}' \ -X POST "https://your-development-store.myshopify.com/admin/api/unstable/storefront_access_tokens.json" \ -H "X-Shopify-Access-Token: {access_token}" \ -H "Content-Type: application/json" ``` ##### ```remix import { DataType } from '@shopify/shopify-api'; const client = new shopify.clients.Rest({session}); const data = await client.post({ path: 'storefront_access_tokens', data: {"storefront_access_token":{"title":"Token"}}, type: DataType.JSON, }); ``` ##### ```ruby session = ShopifyAPI::Auth::Session.new( shop: "your-development-store.myshopify.com", access_token: access_token ) client = ShopifyAPI::Clients::Rest::Admin.new( session: session ) response = client.post( path: 'storefront_access_tokens', body: { "storefront_access_token": { "title": "Token" } }, ) ``` ##### ```node import { DataType } from '@shopify/shopify-api'; const client = new shopify.clients.Rest({session}); const data = await client.post({ path: 'storefront_access_tokens', data: {"storefront_access_token":{"title":"Token"}}, type: DataType.JSON, }); ``` #### response ```json HTTP/1.1 400 Bad Request{"errors":["Api permission exceeds public access token limit of: 100"]} ``` * #### Generating a token for an app that lacks required unauthenticated scopes fails ##### ```curl curl -d '{"storefront_access_token":{"title":"Test"}}' \ -X POST "https://your-development-store.myshopify.com/admin/api/unstable/storefront_access_tokens.json" \ -H "X-Shopify-Access-Token: {access_token}" \ -H "Content-Type: application/json" ``` ##### ```remix import { DataType } from '@shopify/shopify-api'; const client = new shopify.clients.Rest({session}); const data = await client.post({ path: 'storefront_access_tokens', data: {"storefront_access_token":{"title":"Test"}}, type: DataType.JSON, }); ``` ##### ```ruby session = ShopifyAPI::Auth::Session.new( shop: "your-development-store.myshopify.com", access_token: access_token ) client = ShopifyAPI::Clients::Rest::Admin.new( session: session ) response = client.post( path: 'storefront_access_tokens', body: { "storefront_access_token": { "title": "Test" } }, ) ``` ##### ```node import { DataType } from '@shopify/shopify-api'; const client = new shopify.clients.Rest({session}); const data = await client.post({ path: 'storefront_access_tokens', data: {"storefront_access_token":{"title":"Test"}}, type: DataType.JSON, }); ``` #### response ```json HTTP/1.1 403 Forbidden{"errors":"App must be extendable to create a storefront access token."} ``` *** ## getRetrieves a list of storefront access tokens that have been issued [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/queries/shop?example=retrieves-a-list-of-storefront-access-tokens-that-have-been-issued) [shop](https://shopify.dev/docs/api/admin-graphql/latest/queries/shop?example=retrieves-a-list-of-storefront-access-tokens-that-have-been-issued) Retrieves a list of storefront access tokens that have been issued ### Parameters *** api\_version string required *** ### Examples Retrieve a list of storefront access tokens that have been issued get ## /admin/api/unstable/storefront\_​access\_​tokens.​json ```bash curl -X GET "https://your-development-store.myshopify.com/admin/api/unstable/storefront_access_tokens.json" \ -H "X-Shopify-Access-Token: {access_token}" ``` {} ## Response JSON ```json HTTP/1.1 200 OK { "storefront_access_tokens": [ { "access_token": "378d95641257a4ab3feff967ee234f4d", "access_scope": "unauthenticated_read_product_listings", "created_at": "2025-10-01T15:04:04-04:00", "id": 755357713, "admin_graphql_api_id": "gid://shopify/StorefrontAccessToken/755357713", "title": "API Client Extension" } ] } ``` ### examples * #### Retrieve a list of storefront access tokens that have been issued ##### ```curl curl -X GET "https://your-development-store.myshopify.com/admin/api/unstable/storefront_access_tokens.json" \ -H "X-Shopify-Access-Token: {access_token}" ``` ##### ```remix const client = new shopify.clients.Rest({session}); const data = await client.get({ path: 'storefront_access_tokens', }); ``` ##### ```ruby session = ShopifyAPI::Auth::Session.new( shop: "your-development-store.myshopify.com", access_token: access_token ) client = ShopifyAPI::Clients::Rest::Admin.new( session: session ) response = client.get( path: 'storefront_access_tokens', ) ``` ##### ```node const client = new shopify.clients.Rest({session}); const data = await client.get({ path: 'storefront_access_tokens', }); ``` #### response ```json HTTP/1.1 200 OK{"storefront_access_tokens":[{"access_token":"378d95641257a4ab3feff967ee234f4d","access_scope":"unauthenticated_read_product_listings","created_at":"2025-10-01T15:04:04-04:00","id":755357713,"admin_graphql_api_id":"gid://shopify/StorefrontAccessToken/755357713","title":"API Client Extension"}]} ``` *** ## delDeletes an existing storefront access token [![](https://shopify.dev/images/logos/GraphQL.svg)![](https://shopify.dev/images/logos/GraphQL-dark.svg)](https://shopify.dev/docs/api/admin-graphql/latest/mutations/storefrontAccessTokenDelete?example=deletes-an-existing-storefront-access-token) [storefrontAccessTokenDelete](https://shopify.dev/docs/api/admin-graphql/latest/mutations/storefrontAccessTokenDelete?example=deletes-an-existing-storefront-access-token) Deletes an existing storefront access token ### Parameters *** api\_version string required *** storefront\_access\_token\_id string required *** ### Examples Delete an existing storefront access token Path parameters storefront\_​access\_​token\_​id=​755357713 string required del ## /admin/api/unstable/storefront\_​access\_​tokens/755357713.​json ```bash curl -X DELETE "https://your-development-store.myshopify.com/admin/api/unstable/storefront_access_tokens/755357713.json" \ -H "X-Shopify-Access-Token: {access_token}" ``` {} ## Response JSON ```json HTTP/1.1 200 OK ``` ### examples * #### Delete an existing storefront access token ##### ```curl curl -X DELETE "https://your-development-store.myshopify.com/admin/api/unstable/storefront_access_tokens/755357713.json" \ -H "X-Shopify-Access-Token: {access_token}" ``` ##### ```remix const client = new shopify.clients.Rest({session}); const data = await client.delete({ path: 'storefront_access_tokens/755357713', }); ``` ##### ```ruby session = ShopifyAPI::Auth::Session.new( shop: "your-development-store.myshopify.com", access_token: access_token ) client = ShopifyAPI::Clients::Rest::Admin.new( session: session ) response = client.delete( path: 'storefront_access_tokens/755357713', ) ``` ##### ```node const client = new shopify.clients.Rest({session}); const data = await client.delete({ path: 'storefront_access_tokens/755357713', }); ``` #### response ```json HTTP/1.1 200 OK ```