Hey @Peter_Anania, you’ve hit on something a lot of folks have been running into since the Jan 1st deprecation.
The “use legacy install flow” checkbox isn’t what you’re looking for here - that’s about how scopes are requested during OAuth, not about getting a displayed access token like the old custom apps had. Apps created in the Dev Dashboard don’t give you a static token in the UI anymore.
The 401 error you’re seeing is because you’re likely trying to use the Client ID and Secret directly as authentication. Instead, you need to exchange them for an access token first.
There are two paths depending on your setup:
If you own both the app and the stores (same organization), client credentials grant is the simplest option. You POST your Client ID and Secret to https://{shop}.myshopify.com/admin/oauth/access_token with grant_type=client_credentials, and you’ll get back an access token.
The catch is these tokens expire every 24 hours, so you’ll need to refresh them periodically.
If you’re a Partner building apps for stores you don’t own, client credentials won’t work - you’ll get that shop_not_permitted error. In that case, you need authorization code grant instead. It’s more setup upfront (you need a callback endpoint to handle the OAuth redirect), but it gives you a non-expiring offline token that works exactly like the old legacy tokens until the app is uninstalled.
Given you mentioned these are internal apps for your own stores, client credentials should work for you. Just make sure the app and store are under the same organization.
I went through this same transition in more detail in this thread which might be helpful context.