Legacy apps already blocked / Unable to use storefront API - Dev dashboard

Just tried to create a legacy app on a store (have none currently) and getting this error. Thought we were supposed to be able to use these until January 1, 2026.

1 Like

So I’ve tried using the dev dashboard. I only need to get Storefront API access so I click manage here.

That then gives me this.

Shopify. Why have you absolutely destroyed the UX for custom apps :man_facepalming:

1 Like

Right, finally managed to enable the Storefront API (issue was because of partner accounts).

But now where the hell do I get the storefront access token?

The only credentials in the dev dashboard are the Client ID & Secret.

WHY IS THIS SO DIFFICULT TO DO NOW? THIS IS NOT AN IMPROVEMENT.

2 Likes

Dev assistant says to call the storefrontAccessTokenCreate mutation, but that means I first need to get hold of an access token for the admin api. This surely cannot be the only way to get a storefront token?

If it is, WTF is going on Shopify???

@Luke we really recommend you use our headless app if you are looking to build out something with the Storefront API. You can see more detail in our documentation here. Install that app and you should have a token you can use with that shop in less than 30 seconds :grinning_face:

@eytan-shopify This honestly feels like 2 steps back. I just wanted to be able to access metaobjects via the storefront API. Installing the headless app for this feels overkill. I also now have to communicate to a client to tell them not to uninstall this app.

Also any idea why I’m unable to create legacy apps?

1 Like

@Luke I am trying to understand why it’s a step back. If you create a merchant custom app to access the Storefront API that app, too, would have to be installed on the shop to activate the tokens. What do you see as the extra friction?

As for why you can’t create legacy custom apps, I would need to dig into that more for your specific situation. I will DM you.

I think the confusing part here would be that a merchant may see the ‘headless’ app and wonder why the hell they have that installed on their store. Whereas a custom app would be labelled ‘By [agency name/freelancer]’ and more identifiable.

If a merchant sees the headless app when they don’t have a headless store, they may end up wanting to delete this.

4 Likes

This is so incredibly confusing now. Is there documentation on this that’s not outdated? Tried using the Legacy option (is that the only way to get an admin token?) but I get the error above. Tried installing the developer app with the new dashboard but couldn’t figure out where the API tokens come from. Read something about you get it when you install but I didn’t see anything. This feels like the app release wasn’t fully thought through from a user perspective. Maybe I’m just missing something or not reading the correct documentation.

Hey @Luke and @Kyle_Developer, I am looking into the issues brought up here for you. Can you share a little more context on the store plan and type where you are seeing the error?

For Dev dashboard development stores and Partner Dashboard client transfer stores, you should be able to create legacy custom applications.

From what I have found so far, there may be some differences when it comes to plus plan stores, so knowing where you are seeing this pop up will help me narrow down where I look next!

Hey @KyleG-Shopify, @eytan-shopify has informed me they’ve located the issue and will be fixing it :slight_smile: Not sure when though.

1 Like

Can someone explain why we need to create an app to get access to the storefront and admin API tokens? I would think it would just be a setting on the site itself like most sites do it. I’m guessing there’s some backend reason that makes it more scalable but this has always been so confusing to me. It makes sense if you’re building an app but for just site creation, why do I need to create an app just to access the API. It feels more developer focused than user friendly. One of the greatest appeals to Shopify is how user friendly it is but this is by far the least user friendly part of your site that I’ve found. And to your question I’m using a plus plan store. Also can you verify the way it’s “supposed” to work is that you’re supposed to get the keys when you install the app?

1 Like

@Kyle_Developer, I can definitely understand the frustration, but I’ll try to answer (as someone non-Shopify)!

As @eytan-shopify pointed out, you can use the headless app to generate tokens for the storefront + customer apis. I use this all the time, and it’s pretty much 2-3 clicks and you get your token!

For accessing the admin API, I’d recommend following this guide and using the GraphiQL app.

@Luke definitely makes a good point around other staff members possibly getting confused about the purpose of those applications. In theory, you could limit access to those apps to only the ‘technically’ minded in the team?

The alternative of having unlimited scope, long-lived access tokens is generally considered bad security practice. Having some client-id/secret, and doing an auth flow to generate short-lived access tokens with some mechanism to refresh, is a really common pattern.

As to why you have to create apps… I suppose that’s an architecture decision. It’s easier to have ‘one way’ for public apps, private apps, API users to generate access tokens - rather than multiple different approaches. That’s better for security, documentation, and product management in general.

1 Like
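
Added example, not part of any post in this thread and not Shopify's code: the pattern described in the reply above (client ID/secret exchanged for a short-lived token that is renewed before expiry), feeding the `storefrontAccessTokenCreate` mutation mentioned earlier. The `fetch_token` and `run_graphql` transports are hypothetical callables you supply, and the OAuth 2.0 field names and the response shape are assumptions; no real endpoint is called.

```python
import time

# Admin GraphQL mutation named in the thread; the selection set is an assumption.
MUTATION = """
mutation($input: StorefrontAccessTokenInput!) {
  storefrontAccessTokenCreate(input: $input) {
    storefrontAccessToken { accessToken title }
    userErrors { field message }
  }
}"""


class ShortLivedAdminToken:
    """Exchanges client id/secret for an expiring token and renews it before expiry."""

    def __init__(self, fetch_token, client_id, client_secret,
                 clock=time.monotonic, skew=60):
        # fetch_token: hypothetical callable(form: dict) -> dict doing the HTTPS POST.
        self._fetch, self._clock, self._skew = fetch_token, clock, skew
        self._creds = {"grant_type": "client_credentials",
                       "client_id": client_id, "client_secret": client_secret}
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        # Renew `skew` seconds early so a request never carries a token about to lapse.
        if self._token is None or now >= self._expires_at - self._skew:
            resp = self._fetch(dict(self._creds))
            token, ttl = resp.get("access_token"), resp.get("expires_in")
            if not token or not isinstance(ttl, (int, float)) or ttl <= 0:
                raise ValueError("token response lacks access_token or positive expires_in")
            self._token, self._expires_at = token, now + ttl
        return self._token

    def __repr__(self):  # keep the secret and the token out of logs and tracebacks
        return "<ShortLivedAdminToken [redacted]>"


def create_storefront_token(run_graphql, admin_tokens, title):
    """Calls storefrontAccessTokenCreate with a fresh admin token; returns the new token."""
    # run_graphql: hypothetical callable(query, variables, admin_token) -> "data" dict.
    data = run_graphql(MUTATION, {"input": {"title": title}}, admin_tokens.get())
    result = data["storefrontAccessTokenCreate"]
    if result["userErrors"]:
        raise RuntimeError("; ".join(e["message"] for e in result["userErrors"]))
    return result["storefrontAccessToken"]["accessToken"]
```
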

Thanks @bkspace for jumping in with a great answer. Today it is possible to get access tokens directly in admin, but as was pointed out above this creates potential security issues because these tokens live forever and never expire. With the shift to using apps built in the dev dashboard we are moving to a more secure setup.

Another issue with the apps in the admin is that these apps don’t have an upgrade path to use all the features of the platform, e.g. extensions, declarative webhooks, etc. In order to use these features it’s necessary to use the CLI and the apps in admin aren’t supported in the CLI. I realize that there are many use cases that don’t require using all of these features, but we want to avoid putting users on a dead end path - hence consolidating on the dev dashboard and CLI as the tools to use to create apps and not the apps in admin experience.

1 Like