We created a new app in the dashboard, we have a Client ID and a Secret ID. We installed that app to the store. The App shows under “Current Installs” our store. If we go to the admin/backend of our Store, under Apps, our App is there.
When I POST the Client ID, Client Secret, and Grant Type “client_credentials” to https://[store].myshopify.com/admin/oauth/access_token
we get:
400 - Oauth error application_cannot_be_found
Oops, something went wrong
Oauth error application_cannot_be_found: Could not find Shopify API application with api_key
If I try to go straight to:
https://[store].myshopify.com/admin/api/2026-01/graphql.json and POST “query { shop { name } }” with x-shopify-access-token = our secret key (the prior way we’re migrating from) I get:
[API] Invalid API key or access token (unrecognized login or wrong password)
But when we POST the id,secret,and grant_type to /admin/oauth/access_token we get:
400 - Oauth error application_cannot_be_found
Oauth error application_cannot_be_found: Could not find Shopify API application with api_key
I accepted the invite to the store, I created the app while logged into the store, I installed the app while logged into the store. I’m not sure if that satisfies “apps developed by your own organization and installed in stores that you own.”
I don’t know if “offline” is the right term for our app, it has no website or UI for anyone to go to, it just runs on our server and syncs orders and qtys from our system to the store. Its just a c# desktop app making API calls. We have several stores working with us the legacy way but now can’t add any new ones.
I know we need to use the access_token rather than the secret now, but none of the ways to get a token either work or seem like they apply to this situation. I could very easily be wrong there, I don’t know.
Yes but I can’t make sense of that in our scenario because there’s no “starting the application” for the Shopify User - So there’s no URL they go to for the app to accept the GET / hmac in step #1.
Our “App” is no different than if I just opened Postman and tried to run:
POST https://[storename].myshopify.com/admin/api/2026-01/graphql.json
GraphQL Query: “query { shop { name } }”
There’s no URL, no interface on Shopify, its fully external and just makes API calls.
We’re trying this next: I’ve deleted and uninstalled the app, the store owner will now create and install the app, give us the keys, and then I’ll see if I can now get an access token…
Actually, none of the above was correct. I was putting the client ID and client secret in the headers (like an idiot) instead of as parameters. I fixed that and it immediately worked and I got my token (despite not being the store owner… )
