---
title: Generate access tokens for custom apps in the Shopify admin
description: Authenticate a custom app that was created in the Shopify admin.
source_url:
  html: https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin
  md: https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin.md
---

ExpandOn this page

* [Requirements](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#requirements)
* [Step 1: Create and install the app](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#step-1-create-and-install-the-app)
* [Step 2: Make authenticated requests](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#step-2-make-authenticated-requests)
* [Rotating API credentials or generating new access tokens for admin-created apps](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#rotating-api-credentials-or-generating-new-access-tokens-for-admin-created-apps)
* [Changing API scopes](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#changing-api-scopes)
* [Next steps](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#next-steps)

# Generate access tokens for custom apps in the Shopify admin

You can create a custom app for a store directly in the Shopify admin. To authenticate an admin-created custom app, you or the app user needs to install the app from the Shopify admin to generate API credentials and the necessary API access tokens.

Note

This guide applies only to custom apps that were created in the Shopify admin. If you created a custom storefront with the Headless channel in the Shopify admin, then Shopify creates public and private access tokens for you. For more information, refer to [Getting started with the Storefront API](https://shopify.dev/docs/storefronts/headless/building-with-the-storefront-api/getting-started). If you created a custom app via the Dev Dashboard or with Shopify CLI, refer to [About token acquisition](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/).

***

## Requirements

* You or the app user you're working with has created a Shopify store.
  * If you have a staff or collaborator account on a user's store, then make sure that the user gives you the [relevant permissions](#changing-api-scopes) to create a custom app and assign API scopes.
* The different [ways that you can distribute your app](https://shopify.dev/docs/apps/launch/distribution/select-distribution-method).
* You're familiar with the [different methods of authenticating and authorizing apps](https://shopify.dev/docs/apps/build/authentication-authorization) with Shopify's platform.

***

## Step 1: Create and install the app

You or the user can create and install a custom app in the Shopify admin by following the [Custom apps documentation](https://help.shopify.com/manual/apps/custom-apps) on the Shopify Help Center.

***

## Step 2: Make authenticated requests

A custom app can make authenticated requests to the GraphQL Admin API using the API access tokens that are generated when the app is installed on the store.

The following example shows how to retrieve a list of products using the [GraphQL Admin API](https://shopify.dev/docs/api/admin-graphql):

Info

Running the following queries required exported `SHOP_TOKEN` Admin API access token with at least the `read_products` scope. If following along, replace `shop` with the subdomain of your Shopify store. If you need to add the `read_products` scope to your token, you may need to redeploy the app.

## cURL

```terminal
curl -sX POST \
  https://{shop}.myshopify.com/admin/api/2025-10/graphql.json \
  -H 'Content-Type: application/json' \
  -H "X-Shopify-Access-Token: ${SHOP_TOKEN}" \
  -d @- <<EOF
{
  "query": "{
    products(first: 5) {
      edges {
        node {
          id
          handle
        }
      }
      pageInfo {
        hasNextPage
      }
    }
  }"
}
EOF
```

You can also use tools like [`jq`](https://jqlang.org/) to parse and extract specific data from the JSON response:

## cURL

```terminal
curl -sX POST \
  https://{shop}.myshopify.com/admin/api/2025-10/graphql.json \
  -H 'Content-Type: application/json' \
  -H "X-Shopify-Access-Token: ${SHOP_TOKEN}" \
  -d @- <<EOF | jq '.data.products.edges[].node | {id, handle}'
{
  "query": "{
    products(first: 5) {
      edges {
        node {
          id
          handle
        }
      }
      pageInfo {
        hasNextPage
      }
    }
  }"
}
EOF
```

This outputs only the product IDs and handles:

## Output

JSON

```json
{
  "id": "gid://shopify/Product/10079467700516",
  "handle": "the-draft-snowboard"
}
{
  "id": "gid://shopify/Product/10079467733284",
  "handle": "the-archived-snowboard"
}
{
  "id": "gid://shopify/Product/10079467766052",
  "handle": "the-hidden-snowboard"
}
```

***

## Rotating API credentials or generating new access tokens for admin-created apps

You can't rotate API credentials for custom apps created in the Shopify admin. You need to delete the app and [create a new custom app](https://shopify.dev/docs/api/shopify-app-remix/v3/guide-custom-apps) which has new API credentials.

To create new [access tokens](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin) for a custom app that was created in the Shopify admin, you need to [uninstall and reinstall](https://help.shopify.com/manual/apps/custom-apps) your app.

Caution

Your app's requests and webhooks are disrupted until you update your app's code with the new API credentials or access token.

If you want to rotate access tokens for a custom storefront that you build with the Headless channel, refer to the documentation on [rotating private access tokens in the Shopify admin](https://shopify.dev/docs/storefronts/headless/building-with-the-storefront-api/manage-headless-channels#rotate-private-access-tokens).

***

## Changing API scopes

Anyone with a staff or collaborator account on a store can change what store resources an admin-created custom app can access, but only if they have all the following permissions:

* the **Manage and install apps and channels** permission and the **Develop apps** permission

* the relevant permissions for the respective store resource

  For example, if a staff or collaborator account has the **View or manage products, variants, and collections** permission for the store, then they can only change API scopes related to the store's products, variants, and collections.

  The store owner can [change the permissions for a staff or collaborator account](https://help.shopify.com/en/manual/your-account/staff-accounts/staff-permissions) in the Shopify admin.

### Permissions required to assign scopes to a custom app

The following table shows what store permissions a staff account or collaborator account needs to assign [Admin API access scopes](https://shopify.dev/docs/api/usage/access-scopes) to an admin-created custom app. In all cases, the account must also have the **Develop apps** permission.

| Admin API scope name | Permissions required for the staff or collaborator account |
| - | - |
| `read_analytics` | View store metrics |
| `read_assigned_fulfillment_orders`, `write_assigned_fulfillment_orders` | View or manage fulfillment orders |
| `read_customer_merge`, `write_customer_merge` | View or manage customer profile merges |
| `read_customers`, `write_customers` | View or manage customers, customer addresses, order history, and customer groups |
| `read_discounts`, `write_discounts` | View or manage automatic discounts and discount codes |
| `read_draft_orders`, `write_draft_orders` | View or manage orders created by app users on behalf of customers |
| `read_files`, `write_files` | View or manage files |
| `read_fulfillments`, `write_fulfillments` | View or manage fulfillment services |
| `read_gdpr_data_request` | View GDPR data requests |
| `read_gift_cards`, `write_gift_cards` | View or manage gift cards (Available to Plus merchants only) |
| `read_inventory`, `write_inventory` | View or manage inventory across multiple locations |
| `read_legal_policies`, `write_legal_policies` | View or manage a shop's legal policies |
| `read_locations` | View the geographic location of stores, headquarters, and warehouses |
| `read_marketing_events`, `write_marketing_events` | View or manage marketing events and engagement data |
| `read_merchant_managed_fulfillment_orders`, `write_merchant_managed_fulfillment_orders` | View or manage fulfilment orders assigned to merchant-managed locations |
| `read_metaobject_definitions`, `write_metaobject_definitions` | View or manage metaobject definitions |
| `read_metaobjects`, `write_metaobjects` | View or manage metaobject entries |
| `read_online_store_navigation` | View menus for display on the storefront |
| `read_online_store_pages`, `write_online_store_pages` | View or manage Online Store pages |
| `read_order_edits`, `write_order_edits` | View or manage edits to orders |
| `read_orders`, `write_orders`, `read_all_orders` | View or manage orders, transactions, fulfillments, and abandoned checkouts from the last 60 days, or View all past and future orders |
| `read_price_rules`, `write_price_rules` | View or manage conditional discounts |
| `read_products`, `write_products` | View or manage products, variants, and collections |
| `read_product_listings`, `write_product_listings` | View or manage product or collection listings |
| `read_reports`, `write_reports` | View or manage reports on the **Reports** page in the Shopify admin |
| `read_resource_feedbacks`, `write_resource_feedbacks` | View or manage the status of shops and resources |
| `read_script_tags`, `write_script_tags` | View or manage the JavaScript code in storefront or orders status pages |
| `read_shipping`, `write_shipping` | View or manage shipping carriers, countries, and provinces |
| `read_shopify_payments_accounts` | View Shopify Payments accounts |
| `read_shopify_payments_bank_accounts` | View bank accounts that can receive Shopify Payment payouts |
| `read_shopify_payments_disputes` | View Shopify Payment disputes raised by buyers |
| `read_shopify_payments_payouts` | View Shopify Payments payouts and the account's current balance |
| `read_content`, `write_content` | View or manage articles, blogs, comments, pages, and redirects |
| `read_themes`, `write_themes` | View or manage theme templates and assets |
| `read_third_party_fulfillment_orders`, `write_third_party_fulfillment_orders` | View or manage fulfillment orders assigned to a location managed by any fulfillment service |
| `read_translations`, `write_translations` | View or manage content that can be translated |

***

## Next steps

* Learn how to [configure a webhook](https://shopify.dev/docs/apps/build/webhooks/subscribe) for your app and [manage webhooks for different API versions](https://shopify.dev/docs/apps/build/webhooks/subscribe/use-newer-api-version).
* Explore the [Webhooks references](https://shopify.dev/docs/api/webhooks) and [GraphQL Admin API](https://shopify.dev/docs/api/admin-graphql) references.

***

* [Requirements](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#requirements)
* [Step 1: Create and install the app](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#step-1-create-and-install-the-app)
* [Step 2: Make authenticated requests](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#step-2-make-authenticated-requests)
* [Rotating API credentials or generating new access tokens for admin-created apps](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#rotating-api-credentials-or-generating-new-access-tokens-for-admin-created-apps)
* [Changing API scopes](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#changing-api-scopes)
* [Next steps](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#next-steps)