Hi @WhitestRabbit 
This has come up a lot since the January 1st deprecation. To answer your questions directly:
Legacy custom apps created before January 1, 2026 will continue to work. Existing tokens remain valid and apps created before transfer should persist once the store is handed over. New legacy custom apps can no longer be created though.
All new custom apps go through the Dev Dashboard now, and you have two paths for access tokens. The client credentials grant you already looked at is the closest equivalent to your old workflow, but it requires the app and store to be in the same organization, so the merchant would need to create the app in their Dev Dashboard after transfer. The 24-hour expiry just means re-POSTing the same client_id and client_secret before it lapses.
If you’d rather keep control of setup before transfer, the authorization code grant lets you create the app, install via a one-time OAuth flow, and get an offline access token. With expiring=1 you get a ~1hr access token plus a 90-day refresh token, and each refresh gives a fresh pair so the integration stays alive indefinitely. More upfront work (you need a callback endpoint), but you can do everything before the store is transferred.
More detail in these threads; deprecation overview and migration paths. Hope this helps, but let me know if I can clarify further!