It seems that in 2026, new custom apps can only be created from the Partner/Developer dashboard. They now seem to need an OAuth flow to get an access token, just like public apps.
Earlier, custom apps could get the access token directly without any login or auth flow.
It looks like they’ve made creating custom apps harder this way. Many developers are now using Shopify boilerplates, and they have to understand how OAuth works.
What are your thoughts ?
Hey @Hitesh_Apps, we have had a lot of discussion on this over in the dev platform board. I would suggest checking that out for others thoughts
You’re right though, that the flow has changed. It is a few more steps than before. Previously, custom apps created in the store admin would reveal a long-lived access token directly in the UI. You’d copy it once and use it indefinitely. Now, merchants creating apps for their own stores through the Dev Dashboard need to exchange their client ID and secret via an API call to get a token, and that token expires after 24 hours.
For context, this only applies to merchants creating apps for their own stores via the Dev Dashboard. Custom and public apps created by partners through the Partner Dashboard still use OAuth (token exchange or authorization code grant), nothing has changed there.
The docs walk through the new flow: Creating apps via Dev Dashboard covers setup, and Client credentials grant covers the token exchange itself.
Hi @KyleG-Shopify Thank you for your response.
You wrote, “This only applies to merchants creating apps for their own stores via the Dev Dashboard.”
I believe that only Shopify Partners have access to the Dev Dashboard, and merchants do not have it.
If you are referring to merchants creating apps from their store admin, I have just checked, and as of 2026, it is not possible to create a custom app directly from the Shopify store admin.
Please let me know if I am missing something.
Thanks for the reply.
Merchants and partners both have access to the Dev Dashboard. Merchants will now see a link to the dev dashboard on the develop apps page of their admin instead of the create an app flow. Merchants can also access their dev dashboard from the dropdown under their profile
One thing to keep in mind though is that merchants will need to have certain permissions on their shop to access their organizations dev dashboard: User permissions
@KyleG-Shopify Thank you for your response. Yes now i can see it.
Just as developer feedback: for custom apps, it is now harder to generate Admin API credentials, even for something as basic as programmatically reading data from a store.
We would like to request that you allow us to generate a permanent access token directly from the developer dashboard, without any OAuth flow, the way legacy apps used to provide it.
Hello,
We would like to second the request for permanent access tokens to be generated on the dev dashboard.
We are a minimal team looking to develop an integration of Shopify to our ERP system, simply syncing data. The 2026 way of OAuth flow or managing token lifetime feels like a considerable hurdle to our intended goals.
Please provide a less intricate solution for dev dashboard users.
Thank you, and have a great day.
Hey @Hitesh_Apps and @Andreas-Chlupka
Thanks for the feedback. I’ll definitely pass this along. The friction around token management for simpler integrations is something I’ve heard from others as well.
That said, for context to help decide if this is ideal for merchants using your integrations. Long-lived tokens that never expire carry higher security risk. If one gets leaked (logs, repos, etc.), it grants indefinite access to the store. Short-lived tokens with a refresh flow limit the blast radius of a compromised credential.
For partners building integrations across multiple merchants, the public app pathway is designed specifically for that. An additional benefit to merchants are that your app goes through a security review process that helps ensure best practices. You get durability and a layer of protection for your merchants, not to mention enhanced trust from merchants using your app.
Appreciate you both taking the time to share this.
