I work for a company which has an on-premises product which integrates with Shopify. Our integration uses GraphQL to pull data into our product and to push data into Shopify. This is all done within our product and does not involve any custom Shopify UI.
It appears that in order to use Shopify’s API, it’s a requirement that there must be an app in Shopify to manage authentication and authorization. Currently we request that our customers create a custom app by going to Shopify admin → Settings → Apps and sales channels → Develop apps, and then enter their Admin API Access Token into our product.
This App development page now has a warning stating “Starting January 1, 2026, you will not be able to create new legacy custom apps. This will not impact any existing apps.”
I did some looking into the new custom apps and they seem like they’re not quite the correct tool for what we’re trying to do. For example, it sounds like these apps would have to go through a review process with Shopify. So I want confirmation as to whether UI-less API use cases are now meant to use Dev Dashboard Custom Apps or not.
Moving forward all apps will be created and managed via the Dev Dashboard, whether that’s Partner Apps, or Merchant Apps.
For the process that you’ve mentioned, with the merchant creating the app in their store admin directly, this is now replaced with the merchant logging into their Dev Dashboard to create the custom apps. This process is explained in the Shopify.dev documentation:
Any apps created this way, by a Merchant specifically, does not need an app review, and do not need any custom UI. Those requirements are specifically for public apps created by a Partner in the Dev Dashboard, that will be listed on our Shopify App Store directly. They do not apply for custom apps created by Merchants or Partners in the Dev Dashboard.
Here’s some documentation with more info on App Distribution Methods, also it’s good to know that merchants can only create custom apps, they’d need to be logged into a Partner Account in the Dev Dashboard to be able to create a public app that requires the app review previously mentioned.
One further difference that you will notice with this new workflow, is that the access tokens are not immediately available like they were when the app was created in the Admin.
New apps created via the Dev Dashboard, will need to use the new Client Credentials Grant workflow to generate an access token your app can use.
This means, when the merchant creates the app in the Dev Dashboard, they will need to provide you with the Client Id and Client Secret displayed under the app settings in the Dev Dashboard, then you can use those credentials to generate a new access token with the POST https://{shop}.myshopify.com/admin/oauth/access_token HTTP Request.
In the same boat but create custom apps for merchant development stores connected via our Partner account. We do not have a need for distributed apps.
Just looking to double check that the processes are more or less the same when setting up. I’m assuming the merchant will have access when the store is transferred.
Or, do we specifically need to use a staff account that will later become the Store owner account when setting up?
You can’t install custom or draft apps on client transfer stores. Create a dev store in the Dev Dashboard to build and test your app.
In this case you should be transfering the store first, then if you need to create a custom app on the store you can do so after it’s transferred, with a collaborator account, or have the merchant create the custom app in the Dev Dashboard and provide you with the Client ID and Client Secret, to use with the Client Credential Grant Workflow to create an access token for use.
Additionally it is very important to know that you can not install the same app on multiple merchant stores as a custom app. If you are installing the same app on multiple stores, it is required that the app is released as a Public app and does have to go through our App Review Process, though you can leave it as unlisted so only merchants that get the link to install it from you directly can use it.
API Restrictions. When using the Shopify API, you will (and will ensure that your employees, agents and service providers will):
…
not make Custom Applications available to or for use by more than one Merchant. For the avoidance of doubt, this means that Custom Applications may not be installed by more than one Merchant. For clarity, a Merchant may have more than one Merchant Store.
So to confirm, if we want to use Shopify API as per merchant’s request - we can no longer help them while their client transfer store is in development? We can only do it after transferring?
Currently the Shopify Help Center advises we Create up to 10 custom apps for a client transfer store.
Thank you for sharing that Help Center Documentation, as it does need to be updated to reflect the new changes with the way apps work with the new Dev Dashboard platform.
The relevant documentation in Shopify.dev has been updated after the Dev Dashboard was released and would be the correct one to go by here.
You can only install free apps and partner-friendly apps.
You can’t install custom or draft apps on client transfer stores. Create a dev store in the Dev Dashboard to build and test your app.
I will be passing feedback internally regarding the Help Center documentation that does need to be updated, I appreciate your help pointing this out for us!
Going forward I would recommend the following:
Submit the app as a Public App, released as either a free app or a partner-friendly app. That way you could install the app on a client transfer store before transferring to the merchant.
Or
Develop the app using a non-client transfer development store for testing. Then on the client transfer store, after transferring the store over have the merchant (or collaborator account) create a custom app from the Dev Dashboard, and provide you with the Client ID and Client Secret to use for authentication with the app you’ve previously developed on the non-client transfer development store.
With the unspoken part being how much a delay this can be and how LONG the requirements list has become regardless of unlisted status.
And that will be if there’s ZERO roundtripping from setbacks to get through the review process and ALL it’s requirements which are around 300 strong now for any new dev to go through when touching the platform for their clients.