All Tutorials

Authenticate a public app with OAuth

All Tutorials

Authenticate a public app with OAuth

Authenticate a public app with OAuth

A public Shopify app can interact with the Shopify API on behalf of multiple stores. To authenticate with Shopify by using a public app, you need to generate the credentials from your Partner Dashboard and then use them to implement OAuth.

Generate credentials from your Partner Dashboard

You can create a public application from your Partner Dashboard.

To create an app:

  1. From your Partner Dashboard, click Apps > Create app.
  2. Provide an app name, URL, and Redirection URLs.
  3. Click Create app. You are directed to your app's overview page, where you can view the API key and API secret that you will need for OAuth.

Orders permissions

By default, you'll have access to the last 60 days' worth of orders for a store. To access all the orders, you'll need to request access to read_all_orders. If access is granted, then you can add the read_all_orders scope to your app along with read_orders or write_orders.

To request read_all_orders access:

  1. From your app's overview page, click App setup.
  2. In the Orders section, click Request access to all orders.
  3. Provide a description about why you are applying for access.
  4. Click Request access.

The Orders section shows that your request is pending approval. If your request is approved, then you'll see a Read All Orders banner. If your request is denied, then you'll see a Request denied banner with options to get further details or appeal the decision.

Make authenticated requests

Public apps authenticate to Shopify by providing the X-Shopify-Access-Token header field in each HTTP request to the Shopify API. This access token is obtained through an OAuth handshake. To learn more about how OAuth works, see OAuth.