I’m trying to clarify the current, officially supported way to get Admin API and Storefront API access for a single Shopify store.
My requirement:
Access to Admin API and Storefront API
App is only for one store (not public, not distributed)
No embedded UI needed
No Shopify CLI project
No public app listing
Previously this was done via legacy custom apps created directly from the store admin
From the recent updates (Jan 2026), it looks like:
New legacy custom apps can no longer be created
Dev Dashboard apps + OAuth are now required
My question is very specific:
Is there any supported way to:
Create a custom app only for a single store
Obtain Admin API and Storefront API access
Without using the Shopify Partner dashboard and without creating a CLI-based app project?
Or is the Dev Dashboard app + OAuth install flow now mandatory in all cases, even for single-store, internal use?
I’m not looking for workarounds or unsupported hacks.
Just want to confirm if the old “store-only custom app with static tokens” model is fully deprecated with no replacement, or if there is an equivalent supported alternative.
Hey @Bhoopendera_Mewada, this has been a hot topic since the January 1st deprecation went into effect.
The short answer is yes, the old “store-only custom app with static tokens” model is fully deprecated with no direct replacement that gives you an immediately-available permanent token.
That said, you can still get pretty close to what you had before. There are two paths:
Client Credentials Grant (simplest)
The merchant creates the app in the Dev Dashboard and provides you with the Client ID and Client Secret. You make a POST request to exchange those for an access token. The catch is these tokens expire every 24 hours, so you need to refresh them. This only works when the app and store are owned by the same organization.
Authorization Code Grant (permanent token)
This requires a one-time OAuth flow where you host a callback endpoint to receive the authorization code, then exchange it for an access token. The good news is this gives you a non-expiring offline token that works exactly like the old legacy tokens - it stays valid until the app is uninstalled.
The OAuth setup is more work upfront, but once you’ve done it once, you have a permanent token and can continue operating exactly as before. No CLI project, no embedded UI, no app review required.
Kellan walked through this whole transition in detail in this thread - worth reading through if you want the full context.
For the Storefront API specifically, you’ll need to generate tokens via the storefrontAccessTokenCreate Admin API mutation rather than having them displayed in the UI.
Is there any supported way to: