Getting 401 with valid offline access token after install

Hi all,

I’ve created a custom app and I can see the offline access token in my sessions table and confirmed in the admin dashboard. I’ve defined the following scopes:

write_products,read_orders,read_content,write_content,read_products,write_metaobjects,read_metaobjects,write_metaobject_definitions,read_metaobject_definitions

I installed the app, confirmed the token, re-installed twice, but when I call the Admin REST API I still get:

const res = await axios.get(`https://${SHOP_DOMAIN}/admin/api/2025-01/products.json?limit=50`, {
  headers: {
    "X-Shopify-Access-Token": TOKEN,
    "Content-Type": "application/json",
  },
});

// returns
{ "errors": "[API] Invalid API key or access token (unrecognized login or wrong password)" }

Here’s an example request:

curl -X GET "https://fractal-flowers.myshopify.com/admin/api/2025-10/products.json?limit=30" \
  -H "X-Shopify-Access-Token: shpca_xxxb300c"

Any idea what I may be missing? Thanks!

How are you acquiring your access token? If you are using client credentials the access token will expire after 24 hours and you will need to acquire a new one.

It is an offline access token that I am using via OAuth for my custom distributed Shopify app. It should never expire. I just acquired this one about 20 minutes ago after uninstalling, clearing my database table, and reinstalling. Happy to hop on a call and walk you through it to troubleshoot in real time @TerenceShopify. Right now we are stuck on this.

Following up here! Hopefully someone can help us get past this issue.

@Liam-Shopify wondering if you can jump on this one as well

Following up here @Liam-Shopify @TerenceShopify

Hello @Liam-Shopify @TerenceShopify it’s been almost 2 weeks… still waiting on a response here.

@Alan_G maybe you can chime in here. Thanks

Hey @coltrane_nadler ! Thanks for waiting here, really appreciated.

Usually, a 401 with a valid offline token shouldn’t be happening like this. The shpca_ prefix on your token is catching my eye though, as that’s typically associated with custom apps created directly in the store admin rather than distributed apps built through the Partner Dashboard.

Can you confirm how you created your app - was it through partners.shopify.com or through your store’s admin under Settings → Apps and sales channels → Develop apps? Also, if you could make another API call and grab the x-request-id from the response headers (you can request these in cURL by running something like this: curl -i -X GET ), that would be super helpful for tracing exactly what’s happening on our end.

Hope to hear from you soon, I can definitely take a look on our end here!
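
Added example, not part of the thread and not Shopify's code: one way to collect the details requested above (HTTP status, x-request-id, API version, token prefix) from a failed Admin API call while keeping the access token itself out of anything pasted into a public post. The function names are hypothetical and every sample value is constructed.

```javascript
// Prefix of the token, up to and including the first "_" (e.g. "shpca_").
function tokenPrefix(token) {
  const i = token.indexOf("_");
  return i >= 0 ? token.slice(0, i + 1) : "";
}

// Keep the prefix and, only for long tokens, the last 4 characters.
function redactToken(token) {
  const prefix = tokenPrefix(token);
  const tail = token.length - prefix.length > 8 ? token.slice(-4) : "";
  return `${prefix}...${tail}`;
}

// Header names are case-insensitive. Accept a plain object or anything
// exposing get(name), such as a fetch Headers instance.
function getHeader(headers, name) {
  if (typeof headers.get === "function") return headers.get(name);
  const key = Object.keys(headers).find(
    (k) => k.toLowerCase() === name.toLowerCase()
  );
  return key ? headers[key] : null;
}

// Build a report that is safe to share: no raw token, no query string.
function buildSupportReport({ url, token, status, headers }) {
  const u = new URL(url);
  const m = u.pathname.match(/^\/admin\/api\/([^/]+)\//);
  return {
    shop: u.hostname,
    apiVersion: m ? m[1] : null,
    path: u.pathname,
    status,
    requestId: getHeader(headers, "x-request-id"),
    tokenPrefix: tokenPrefix(token),
    tokenRedacted: redactToken(token),
  };
}

// Constructed sample of a failed call (not real shop, token, or request id).
const sampleReport = buildSupportReport({
  url: "https://example-shop.myshopify.com/admin/api/2025-01/products.json?limit=50",
  token: "shpca_EXAMPLE0000000000000000abcd",
  status: 401,
  headers: { "X-Request-Id": "00000000-0000-0000-0000-000000000000-0000000000" },
});
console.log(JSON.stringify(sampleReport, null, 2));
```

With axios, the same fields come from `err.response.status` and `err.response.headers` in the catch block of the failing request.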

We were testing this as a custom distributed app through the partner dashboard. It is an offline token, so to my understanding it should not be giving a 401 error within 15 minutes of authorization.

The ‘x-request-id’ was ‘65d0ce5b-c9b4-4e6a-a1b6-4171e21f53ea-1761883697’.

Thanks for confirming @Coltrane_Nadler , the logs do look odd on my end here too, so definitely happy to dig into this further. Would you happen to have the app ID on hand or a link to the app in your partner dashboard? Happy to set up a DM if you’d prefer to share that way as well.

Hey Alan. Yeah can you send me a DM?
Would be great to have a direct line while we continue to iron out these bugs related to the new API updates.

No worries @Coltrane_Nadler - sending you a message now!