All Tutorials

Authenticate a public app with OAuth

All Tutorials

Authenticate a public app with OAuth

Authenticate a public app with OAuth

A public Shopify app can interact with the Shopify API on behalf of multiple stores. To authenticate with Shopify by using a public app, you need to generate the credentials from your Partner Dashboard and then use them to implement OAuth.

Generate credentials from your Partner Dashboard

You can create a public application from your Partner Dashboard.

To create an app:

  1. From your Partner Dashboard, click Apps > Create app.
  2. Provide an app name, URL, and Redirection URLs.
  3. Click Create app. You are directed to your app's overview page, where you can view the API key and API secret that you will need for OAuth.

Orders permissions

By default, you'll have access to the last 60 days' worth of orders for a store. To access all the orders, you'll need to request access to read_all_orders. If access is granted, then you can add the read_all_orders scope to your app along with read_orders or write_orders.

To request read_all_orders access:

  1. From your app's overview page, click App setup.
  2. In the Orders section, click Request access to all orders.
  3. Provide a description about why you are applying for access.
  4. Click Request access.

The Orders section shows that your request is pending approval. If your request is approved, then you'll see a Read All Orders banner. If your request is denied, then you'll see a Request denied banner with options to get further details or appeal the decision.

Turn an app into a sales channel

After you've created an app, you can turn it into a sales channel app and request payment processing.



  1. From your app's overview screen, click App setup.
  2. In the Sales channel section, click Turn app into sales channel.
  1. Click Turn app into sales channel again to confirm that you want to convert your app into a sales channel.
  2. Click Save.

After you click Save, your app is a sales channel.

Request payment processing

After you've turned your app into to a sales channel app, you can request payment processing to use the Checkout API with credit cards. Shopify supports a variety of payment processing methods, including third-party services such as Stripe and Spreedly.


  1. From the Sales channel section click Request payment processing.
  2. Select your PCI compliance method, as described in the following table:
PCI compliance method Description
My platform is not PCI compliant You must determine a strategy for processing payments.
My platform uses Stripe You have an existing platform account with Stripe and would like to use Shopify's Stripe integration.
My platform uses a service such as Spreedly to deliver payment tokens You'd like to use Spreedly or similar service for credit card tokenization and PAN forwarding.
My platform has a certificate of compliance If you already have a PCI compliant solution in place, then you can provide Shopify with a certificate of compliance.
  1. Enter a description of your app to help us process your request faster.
  2. Click Request access.

A request for payment processing can take up to 7 business days. You'll receive a notification when your request is processed.

Make authenticated requests

Public apps authenticate to Shopify by providing the X-Shopify-Access-Token header field in each HTTP request to the Shopify API. This access token is obtained through an OAuth handshake. To learn more about how OAuth works, see OAuth.