Let me walk through the full setup from scratch:
- Go to dev.shopify.com/dashboard and open your app (or create a new one via Create app → Start from Dev Dashboard)
- Go to the Versions tab, set the App URL to https://shopify.dev/apps/default-app-home (you don’t need an embedded UI for API-only access), select your Webhooks API version, add your access scopes (e.g., read_orders), and click Release
- Back on the Home tab, click Install app, select your store, and click Install - you should see a grant screen to approve permissions
- Go to Settings and copy your Client ID and Secret
- Request your token - make sure the credentials are in the request body, not headers:
curl -X POST \
"https://your-store.myshopify.com/admin/oauth/access_token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET"
You should get back an access token (expires in 24 hours, just re-run the same request to refresh). Then use it in your API calls:
curl -X POST \
https://your-store.myshopify.com/admin/api/2025-01/graphql.json \
-H 'Content-Type: application/json' \
-H 'X-Shopify-Access-Token: YOUR_ACCESS_TOKEN' \
-d '{"query": "{ orders(first: 10) { edges { node { id name } } } }"}'
A similar thread had the same error and it turned out the credentials were being sent in headers instead of the body - worth double-checking.
If you’ve followed all of the above and are still hitting issues, start a chat with support and they can dig into the specifics of your app and store setup.
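
The token request and 24-hour refresh described in the post above, as an added example that is not part of the original post or Shopify's own code. It sends the credentials in the form body, reads them from environment variables so the secret stays out of shell history and process listings, and requests a new token shortly before the old one expires. The function names, the `SHOPIFY_*` variable names and the `expires_in` response field are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request


def build_token_request(shop, client_id, client_secret):
    """Token POST as the post describes: credentials in the form body, not headers."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    return urllib.request.Request(
        f"https://{shop}/admin/oauth/access_token",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST")


def fetch_token(shop, client_id, client_secret):
    """Send the request and return the parsed JSON response."""
    req = build_token_request(shop, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse a token until shortly before it expires, then request a new one."""

    def __init__(self, fetch, clock=time.time, skew=300, default_ttl=24 * 3600):
        self._fetch, self._clock = fetch, clock
        self._skew, self._default_ttl = skew, default_ttl
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            data = self._fetch()
            # Assumed fields: access_token, optional expires_in (else the post's 24 h).
            self._token = data["access_token"]
            self._expires_at = now + float(data.get("expires_in", self._default_ttl))
        return self._token


if __name__ == "__main__":
    # Hypothetical variable names; the secret comes from the environment, not argv.
    env = os.environ
    cache = TokenCache(lambda: fetch_token(
        env["SHOPIFY_SHOP"], env["SHOPIFY_CLIENT_ID"], env["SHOPIFY_CLIENT_SECRET"]))
    print("token acquired, length", len(cache.get()))
```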