API Token Error after following documentation

Authentication & Access
1

I am trying to create an automation between a few of our systems and shopify and need an API token to do so.

I have created an App via the dev dashboard and successfully installed it in my storefront. I then ran the curl request below which seemed to work for many others in this thread.

curl -X POST \

  "https://shopify.com/authentication/[store ID]/oauth/token" \

  -H "Content-Type: application/x-www-form-urlencoded" \

  -d "client_id=[id]" \

  -d "client_secret=[secret]" \

  -d "grant_type=client_credentials"

I continue to get the error:

{"error":"invalid_client","error_description":"The client credentials provided are invalid or missing."}%

There are two versions of this app that were automatically created when I created the app. I have tried installing both to our storefront and run the curl but continue to get the same error. I think it may be an error in how I set up the app as I cannot uninstall either instance from my store now. Any advice would be very helpful!!

2

Hey @James_Sawyer - thanks for reaching out :waving_hand:

I think the issue might be popping up here because of the token endpoint being used. The https://shopify.com/authentication/[store ID]/oauth/token route is for Customer Account API authentication, not for getting an Admin API token with the client credentials grant.

For an Admin API token for server-to-server automation, try using the shop’s myshopify domain instead:

curl -X POST \
  "https://{shop}.myshopify.com/admin/oauth/access_token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id={client_id}" \
  -d "client_secret={client_secret}"

{shop} should be the store handle before .myshopify.com, not the numeric store ID.

If that still returns invalid_client, I’d double-check that the Client ID/secret are from the same app installed on that store, and that this is an app/store owned by your organization.

If you are trying to grab a a Customer Account API token or are still seeing issues, if you’re able to share an X-Request-ID by running curl -i -X POST \ , that should output an X-Request-ID that you can send my way and I can use it to check our logs. Let me know what response you get from the Admin OAuth endpoint and I can help narrow it down further to see what’s happening and hope this helps!