---
title: ID Token API
description: >-
  The ID Token API retrieves an OpenID Connect ID Token from Shopify as a JWT
  string. Your backend can verify this token to confirm that a request came from
  an authenticated Shopify user.
source_url:
  html: >-
    https://shopify.dev/docs/api/app-home/apis/authentication-and-data/id-token-api
  md: >-
    https://shopify.dev/docs/api/app-home/apis/authentication-and-data/id-token-api.md
api_name: app-home
---

# ID Token API

The ID Token API retrieves an [OpenID Connect ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken) from Shopify as a [JWT string](https://jwt.io/introduction). Your backend can verify this token to confirm that a request came from an authenticated Shopify user.

In most cases, you don't need to call this method directly. App Bridge's [fetch interceptor](https://shopify.dev/docs/api/app-home/apis/resource-fetching) automatically includes the ID token in the `Authorization` header for requests to your app's domain. Use `shopify.idToken()` directly when you need the token for something other than a standard fetch request, such as a WebSocket connection or a third-party API call.

For more information, see the [session token documentation](https://shopify.dev/docs/apps/build/authentication-authorization/session-tokens).

### Use cases

* **Backend authentication:** Verify requests to your backend are from a Shopify-authenticated user.
* **Session validation:** Validate user sessions without requiring traditional cookie-based authentication.
* **Secure communication:** Exchange ID tokens for secure communication between your app frontend and backend.
* **Third-party auth:** Pass ID tokens to third-party services that support OpenID Connect verification.

## IdTokenApi()

The `idToken` API is available on the `shopify` global. It returns a Promise that resolves to a JWT string.

### Returns

* **Promise\<string>**

### Examples

* Retrieve an ID token from Shopify. The returned value is a JWT string that your backend can verify to authenticate the request.

  ```js
  const token = await shopify.idToken();
  // => 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...'
  ```

* Pass the ID token when opening a WebSocket connection to your backend. This is a common use case for calling `shopify.idToken()` directly, since the fetch interceptor only handles standard fetch requests.

  ```js
  const token = await shopify.idToken();

  const socket = new WebSocket(
    `wss://your-app.example.com/ws?token=${token}`
  );
  ```
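
The backend half of the WebSocket example above, as an added Node.js sketch that is not Shopify's code: it takes the token from the upgrade URL and verifies it before the connection is accepted. It assumes the token is HS256-signed with the app's client secret and carries `exp`, `nbf`, `aud`, `iss` and `dest` claims, as the linked session token documentation describes; the function names are hypothetical.

```js
// Added example, not Shopify's code. Assumes HS256 with the app's client secret
// and the claims exp, nbf, aud, iss, dest (per the linked session token docs).
const crypto = require('node:crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

function verifyIdToken(token, clientId, clientSecret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;

  // Pin the algorithm; never let the token header choose it.
  if (b64urlJson(head).alg !== 'HS256') throw new Error('unexpected alg');

  const expected = crypto.createHmac('sha256', clientSecret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }

  const claims = b64urlJson(body);
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('expired');
  if (typeof claims.nbf === 'number' && now < claims.nbf) throw new Error('not yet valid');
  if (claims.aud !== clientId) throw new Error('wrong audience');
  // iss and dest must name the same shop host.
  if (new URL(claims.iss).hostname !== new URL(claims.dest).hostname) {
    throw new Error('shop mismatch');
  }
  return claims;
}

// Token arrives as ?token=... on the WebSocket upgrade request (hypothetical helper).
function tokenFromUpgradeUrl(reqUrl) {
  return new URL(reqUrl, 'wss://placeholder.invalid').searchParams.get('token');
}

// Builds a constructed sample token for offline runs; all values are made up.
function signSample(claims, secret, alg = 'HS256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  return `${data}.${crypto.createHmac('sha256', secret).update(data).digest('base64url')}`;
}
```

Because the WebSocket example carries the token in the query string, keep that parameter out of access logs and run the verification before completing the upgrade.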

***
