It seems that in 2026, new custom apps can only be created from the Partner/Developer dashboard. They now seem to need an OAuth flow to get an access token, just like public apps.
Earlier, custom apps could get the access token directly without any login or auth flow.
It looks like they’ve made creating custom apps harder this way. Many developers are now using Shopify boilerplates, and they have to understand how OAuth works.
What are your thoughts ?
Hey @Hitesh_Apps, we have had a lot of discussion on this over in the dev platform board. I would suggest checking that out for others thoughts
You’re right though, that the flow has changed. It is a few more steps than before. Previously, custom apps created in the store admin would reveal a long-lived access token directly in the UI. You’d copy it once and use it indefinitely. Now, merchants creating apps for their own stores through the Dev Dashboard need to exchange their client ID and secret via an API call to get a token, and that token expires after 24 hours.
For context, this only applies to merchants creating apps for their own stores via the Dev Dashboard. Custom and public apps created by partners through the Partner Dashboard still use OAuth (token exchange or authorization code grant), nothing has changed there.
The docs walk through the new flow: Creating apps via Dev Dashboard covers setup, and Client credentials grant covers the token exchange itself.
Hi @KyleG-Shopify Thank you for your response.
You wrote, “This only applies to merchants creating apps for their own stores via the Dev Dashboard.”
I believe that only Shopify Partners have access to the Dev Dashboard, and merchants do not have it.
If you are referring to merchants creating apps from their store admin, I have just checked, and as of 2026, it is not possible to create a custom app directly from the Shopify store admin.
Please let me know if I am missing something.