Calling an API in postman

fahad112_Admin · January 13, 2026, 2:52pm

Hi, I have create an app in develop apps. I have a client key and secret key, Now I am getting an error [API] Invalid API key or access token (unrecognized login or wrong password), while calling an API with Header parameter X-Shopify-Access-Token : secret key.

please help me to run an API in postman successfully.

Summary

This text will be hidden

Dylan · January 13, 2026, 3:10pm

Hi @fahad112_Admin

The Client Key and Secret Key are NOT used for direct authentication to the Shopify Admin API.

What you’re looking for is a merchant’s Shopify Access Token that is a result of the merchant finishing OAuth which is signed with your app’s Client ID and Secret Key.

The Access Token is unique to that merchant that installs your app.

The Client Key and Secret Key are assigned to your Shopify app.

Donal-Shopify · January 13, 2026, 3:10pm

Hi @fahad112_Admin! As Dylan explains above, the client secret isn’t an access token - you can’t use it directly in the X-Shopify-Access-Token header. For apps created in the Dev Dashboard, you need to exchange your credentials for an access token first.

Here’s the full process:

Create your app in the Dev Dashboard and configure your access scopes in the Versions tab
Install the app on your store from the Home tab
Grab your Client ID and Secret from Settings

Then make a POST request to get the token, e.g using cURL (which you can import into Postman):

curl -X POST \
  "https://{shop}.myshopify.com/admin/oauth/access_token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id={your_client_id}" \
  -d "client_secret={your_client_secret}"

Response:

{
  "access_token": "f85632530bf277ec9ac6f649fc327f17",
  "scope": "write_orders,read_customers",
  "expires_in": 86399
}

Use that access_token value in your Postman requests as the X-Shopify-Access-Token header. The token expires after 24 hours, so you’ll need to repeat the POST request to get a fresh one.

One important caveat: client credentials grant only works if the app and store are owned by the same organization (e.g., your own custom app on your own store). If you’re building an app to install on other merchants’ stores, you’ll need to use either token exchange (for embedded apps) or authorization code grant (for non-embedded apps).

dadof3bytes · January 13, 2026, 11:18pm

Alternatively if you want to just test GQL queries, you can use the Shopify GraphQL app Shopify GraphiQL App — Install

This is what i use to test out API queries.

Topic		Replies	Views
Getting "Invalid API key or access token" while making admin graphql api calls through postman. Please help GraphQL Admin API Troubleshooting general-gql-troubles	3	106	May 13, 2025
How to get Admin API tokens using apps in Dev Dashboard Dev Platform dev-dashboard	2	125	February 10, 2026
Invalid API key or access token (unrecognized login or wrong password) Authentication & Access oauth , access-scopes	4	441	March 17, 2025
Token not working Authentication & Access access-scopes	9	259	January 9, 2026
Need to Generating the endpoint API Key for the ghl integration Shopify App Store app-store	4	28	January 21, 2026

Calling an API in postman

Related topics