How to get Admin API tokens using apps in Dev Dashboard

TerenceShopify · February 10, 2026, 10:15pm

We’ve seen a lot of questions since January 1st about how to get Admin API access tokens now that custom apps in the admin were deprecated. The key change: tokens don’t appear in the UI anymore. Instead, you’ll see a Client ID and Client Secret—you exchange these for an access token using the client credentials grant. This happens programmatically. We know this has been confusing, and we’ve been working on improving our docs to make the new process clear.

Start here:

What changed

Before: Custom apps showed an shpat_******* access token in admin that you could copy and paste into a script or a 3rd party integration.
After: Apps created in the Dev Dashboard show a client ID and client secret. You exchange these for an access token by making an API request.
Why: We are phasing out non-expiring tokens in favor of short-lived tokens to better improve the safety of data in stores. Permanent tokens can easily be leaked and then provide access to sensitive data.

How to get access tokens

Tokens no longer appear in the admin and don’t appear in the Dev Dashboard either.
Use the guide to exchange your client ID and secret for an access token:
Get API access tokens for Dev Dashboard apps

The guide includes working code that:

Requests tokens programmatically
Refreshes them before they expire (every 24 hours)
Works for backend scripts, automation, and API integrations

Common issues

What to use for App URL

You can use https://shopify.dev/apps/default-app-home as your app’s URL.

Your auth request receives `Error: shop_not_permitted: Client credentials cannot be performed on this shop`

This usually means your app and the store are in different organizations (for example, you’re a partner building for a client store).
Solutions:

Create an app using the CLI and use the standard app template which automatically implements auth.
If you can’t user our templates then use Token Exchange or the Authorization Code Grant, not Client Credentials. These OAuth grants work across organizations and issues long‑lived offline tokens.

A 3rd party integration is asking you to “copy a token”

Copying an access token and pasting it into a 3rd party system will no longer work.
Contact the 3rd party system to request they update their Shopify integration to work with OAuth.

Tim_Johnson · March 10, 2026, 7:23pm

This would be a little less absurd if I, as a collaborator on my client’s store with full app permissions, could access their Dev Dashboard to do this.

Alas, I have to either request staff access or have them create the app in the Dev Dashboard and send me the credentials.

It can’t be that uncommon to, as a developer, just need a temporary access token to a client’s store to perform various API operations - how can it possibly be this convoluted?

TerenceShopify · March 11, 2026, 6:17pm

We are aware that collaborator access to Dev Dashboard is an impediment for partners right now and are going to be addressing this gap.

MegaOtis · May 15, 2026, 1:48pm

What this post does not mention is that even if you somehow figure all of this out, it still wont work if you need access to your own orders (why would a merchant ever need API access to their own orders…hmmm…?). PII data access requires an even more convoluted series of steps.

nyasha_madzokere · May 19, 2026, 8:28am

I wrote a tutorial on this https://medium.com/p/3190e1fdaf44

Topic		Replies	Views
Easy mode for obtain accessToken Authentication & Access access-scopes	2	184	March 3, 2026
New Shopify Dev Dashboard and Admin Access Token Authentication & Access oauth , access-scopes	3	781	December 22, 2025
Can't find where to get a permanent shpat_ token anymore Products and Orders APIs admin-api-products	4	477	April 28, 2026
Access Token using Dev Dashboard Dev Platform dev-dashboard , app-deployment	2	200	February 20, 2026
Custom App Credentials Dev Platform	10	1730	January 13, 2026