Using new developer dashboard and releasing app

HOYO · November 25, 2025, 5:43pm

I’m working on a Shopify integration and have a couple of questions that I hope someone with experience in the new dev dashboard + Hydrogen can clarify.

1. How do we properly use Admin API permissions in apps created through the new developer dashboard?
I’m building an ERP integrator and following the OAuth flow:

https://{{shopDomain}}/admin/oauth/authorize?client_id={{clientId}}&scope={{scopes}}&redirect_uri={{redirectUri}}&state={{state}}

The .toml:
# Learn more about configuring your app at https://shopify.dev/docs/apps/tools/cli/configuration

client_id = "d9f432c7321489534f79fb36bb4fa5a1"

name = "Integrador ERP"

application_url = "http://localhost:8080/callback"

embedded = true

[webhooks]

api_version = "2025-10"

[access_scopes]

# Learn more at https://shopify.dev/docs/apps/tools/cli/configuration#access_scopes

scopes = "write_inventory, read_inventory,write_orders, read_orders,write_products, read_products,customer_write_customers, customer_read_customers,customer_write_orders, customer_read_orders"

optional_scopes = [ ]

use_legacy_install_flow = false

[auth]

redirect_urls = [

"http://localhost:8080/callback"

]

However, during token exchange I only receive:

{ "access_token": "shpat_...", "scope": "write_inventory,write_orders,write_products,customer_write_customers,customer_write_orders,unauthenticated_write_customers,unauthenticated_read_product_inventory,unauthenticated_read_content" }

My shopify.app.toml includes the full list of scopes I need (read/write for orders, products, customers, inventory, etc.), but the OAuth response always returns a reduced list that doesn’t match the declared scopes.
How should permissions actually be configured for Admin API apps now?
Is there something different with how the new dashboard handles access scopes?

2. Store launch with Hydrogen storefront + native Shopify Checkout
My storefront is fully built in Hydrogen and deployed to a custom domain:

mystore.com → Hydrogen storefront
checkout.mystore.com → Shopify Online Store (Virtual Store with Liquid)

I need to use Shopify’s native checkout.
What is the correct way to launch a store using these two separate domains?
Should Checkout use a subdomain? Should both domains be connected in the Shopify admin? What’s the recommended best practice?

Any guidance or official references would be greatly appreciated!

Kellan-Shopify · November 25, 2025, 10:26pm

Hi @HOYO,

For the first question with the App scopes set in the toml file, it looks like the response you’re getting is correct, and it is setting the scopes for your app correctly based on the scopes you specified in the toml file.

The missing scopes are the read versions of the write scopes that it is returning.

For example in the toml file you specified:

write_inventory, read_inventory,
write_orders, read_orders
write_products, read_products
etc.

and the response from the OAuth call is returning:

write_inventory
write_orders
write_products
etc.

I believe this is expected since you’re being granted the write scopes which does require and use the read scopes as well by default. This shouldn’t result in any errors on your end trying to make API calls to retrieve any of the resources, but if you have any example API calls that are resulting an API Access Denied or similar errors, please provide us with the x-request-id from the HTTP Response Headers, and we can definitely help look into it further.

For the second question regarding Hydrogen Storefront and Checkout Domains. You are correct that you do need to setup the domains in the Shopify Admin settings, and that the Hydorgen Storefront should be the root domain, while the Web Checkout would use a subdomain.

We do have some documentation to help with setting this up correctly.

First add the domain and subdomain to your store in the admin:
- Shopify Help Center | Adding a domain to Shopify
- Shopify Help Center | Add a subdomain for your Shopify-managed domain
After the domain and subdomain are added in the store’s admin, set them up to point to the Hydrogen Storefront and Checkout respectively.
- Redirect traffic to the Hydrogen channel

HOYO · November 26, 2025, 6:42pm

Hello, @Kellan-Shopify
Ok, got it. Now i’m correct working w/ Shopify Apps

I have a doubt

When I created my store, the domain fxsrju-hu.myshopify.com was self generated

But now I have my domains but I don’t know how to remove it

Kellan-Shopify · November 26, 2025, 6:57pm

Hi @HOYO,

This is expected behaviour, you are unable to remove the default domain from when the store was created. This is also mentioned in our Help Center documentation:

Shopify Help Center | Removing domains

Your myshopify.com domain name can’t be removed or transferred because you use your original myshopify.com domain name to log in to your Shopify admin and identify your account when you contact Shopify Support.

Additionally, you should alway use this default domain when making API requests, for example, all of your Admin API calls should go to:

https://fxsrju-hu.myshopify.com/admin/api/2025-10/graphql.json

And all of your Storefront API calls should go to:

https://fxsrju-hu.myshopify.com/api/2025-10/graphql.json

Topic		Replies	Views
Welcome to the Authentication & Access Board! Authentication & Access oauth , access-scopes	3	279	October 30, 2024
Apps will be reviewed for necessary scopes Authentication & Access access-scopes	3	74	January 27, 2025
Getting that Customer Scope Approval Screen? Authentication & Access access-scopes	6	55	December 20, 2024
Migration to Dev Dashboard Dev Platform auth	2	300	September 10, 2025
Scopes get overridden on local development dev store Dev Platform cli	3	53	October 5, 2025

Using new developer dashboard and releasing app

Related topics