HELLO!
I’m a small developer, and all the apps I’ve developed are for myself, so they’re custom/private apps in the C# .NET console. In 2026, I saw that everything changed! Now, I’ve created a new app in the developer dashboard and can set the scopes and GraphQL version, but I can’t find the Shopify token “shapt_*.” Where should I look for it?
Hey @Carlo_Bernava! You’re right, the process has changed. Dev Dashboard apps don’t expose a static shpat_ token in the UI anymore, that’s by design. All you’ll see is a Client ID and Client Secret, and you exchange those for a token from your own code.
Since these are private apps on your own stores, the client credentials grant is the way to go. First install the app on the store (Home, then Install app), then grab the Client ID and Client Secret from the app’s Settings. From your console app, make a POST to https://{shop}.myshopify.com/admin/oauth/access_token:
grant_type=client_credentials
client_id={client_id}
client_secret={client_secret}
The response gives you the shpat_ token to use in your X-Shopify-Access-Token header. One thing to watch in C#: the token expires after about 24 hours (expires_in of 86399), so don’t hardcode it. Request a fresh one on startup or cache it and re-request when it’s close to expiry. The get API access tokens doc has the full walkthrough plus a troubleshooting section.
THANK YOU!!! Now it’s ok
It’s very strange…in insomnia all is ok and the request return me the token, but if I execute this
public static void getShopifyToken(string shopName,string client_id,string client_secret)
{
string endpoint = $"https://{shopName}/admin/oauth/access_token?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials";
var graphQLClient = new GraphQLHttpClient(endpoint, new NewtonsoftJsonSerializer());
var request = new GraphQL.GraphQLRequest();
var response = graphQLClient.SendQueryAsync<dynamic>(request).Result;
}
response is ok, but response.Data is empty
Where am I wrong?
Hey @Carlo_Bernava, I had a look and I think it’s because the token request isn’t a GraphQL operation, it’s a regular REST/OAuth POST, so sending it through a GraphQL client won’t populate response.Data. There’s no data field for it to map, which is why the call “succeeds” but comes back empty. Insomnia works because it just does a plain POST and shows you the raw body.
So use an ordinary HTTP client for this step, post the form-urlencoded parameters, and read access_token straight off the JSON body:
POST https://{shop}.myshopify.com/admin/oauth/access_token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}
The full request and response shape is in the client credentials grant docs. Once you have the token, that’s when the GraphQL client comes into play, point it at /admin/api/{version}/graphql.json and pass the token in the X-Shopify-Access-Token header for your actual queries.
Let me know if this works or if you have any other issues!
Do you know an idiot? Yes, that’s me.
Not at all, thanks for posting! I’m sure this will help many others when they come across similar issues 