I am currently facing an issue while trying to generate an access token to integrate with another system by building a custom app in Shopify after the recent changes to the app development process.
Earlier, we were able to create a custom app directly from the Shopify Admin UI and generate the Admin API access token easily. However, after the recent update, Shopify requires apps to be created via the Shopify Developer Dashboard.
I have my partner dashboard with collaborator access to my client’s stores.
Here is what I have done so far:
Created a new app from the Shopify Developer Dashboard.
Configured the app URL and defined the access scopes.
Installed the app on the target store with a custom install link.
Installation completes, but I receive a domain-related error after installation.
Because of this, I am unable to properly complete the OAuth flow and generate/store the access token.
Do we need to configure App URL in a specific format to avoid domain mismatch?
Is there a recommended approach to generate Admin API access tokens for private/internal integrations under the new app model?
Can anyone guide me on the correct updated process to create a custom app via Dev Dashboard, install it properly, and successfully generate and store the Admin API access token.
Any guidance or information on this would be highly appreciated.
Luke’s thread link has the full answer but since you mentioned you’re getting a domain error after installation, that’s almost certainly because your app and your client’s store are in different organizations (you mentioned collaborator access through the partner dashboard). In that case the Client Credentials grant wont work, you need to use Token Exchange or the Authorization Code Grant instead. Terence’s guide covers this but the key detail is easy to miss: Client Credentials only works when the app and store belong to the same organization ( About client credentials )
For the app URL, you can just use https://shopify.dev/apps/default-app-home as a placeholder if you dont have a real server endpoint yet. The domain error you’re seeing after install is likely tied to the OAuth redirect, not the app URL itself. Make sure your redirect URI in the Dev Dashboard matches exactly what your code is sending during the authorization flow, including the trailing slash.
Worth mentioning that the bigger shift here is that Shopify has killed the old copy paste token model entirely, so any integration that expects you to paste an shpat_ token needs to be updated on their end to support OAuth.