Shopify Access Instantiator

⚙️ HOW TO PREPARE YOUR APP (Shopify Dev Dashboard 2026)

1️⃣ Open Your App

• Go to Shopify Partners → App Distribution
• Select your app (create one in the Dev Dashboard if necessary, then return to step 1)

2️⃣ Select Distribution Method (MANDATORY)

Shopify requires you to define how your app will be distributed.
  • Go to Distribution
  • Select Custom
  • Choose Install on specific store
  • Enter the store domain you want to connect
  • Save
  • Open the generated installation link and install the app on your store
⚠️ If you do not select Custom distribution, app installation and OAuth will fail.
⚠️ Storefront API Requirement

If you want to generate a Storefront Access Token, you must enable Storefront API access inside the API access section in the Partners portal.

If Storefront API is not enabled, Storefront token generation will fail.

3️⃣ Go to "Versions" (Dev Dashboard)

Shopify uses a version-based configuration system.
All URLs, API permissions, and Storefront access settings are configured inside a version.
⚠️ IMPORTANT - You Cannot Edit an Active Version

Once a version is released, it becomes active and cannot be edited.

If there is any mismatch in:
  • App URL
  • Redirect URL
  • API scopes
  • Storefront API access
  • Any configuration
You must:
  1. Create a new version
  2. Fix the configuration
  3. Click Release
Only the latest released version is active.

4️⃣ Configure App URLs (Inside the Version)

Inside your new version, verify:
  • App URL: https://shopify-access-keys-instantiator.cdmdockers.mystableserver.com
  • Allowed Redirection URL: https://shopify-access-keys-instantiator.cdmdockers.mystableserver.com/auth/callback
⚠️ The Redirect URL must match EXACTLY (including protocol and trailing slashes).

5️⃣ Configure API Permissions

Inside your new version:
  • Select all required API permissions (scopes)
  • Save changes

6️⃣ RELEASE THE VERSION (MANDATORY)

  • Click Release
⚠️ If you do NOT release the version:
  • OAuth will fail
  • Permissions will not apply
  • Redirect validation will fail
  • Token exchange will fail

7️⃣ Get API Credentials

Go to Settings and copy:
  • Client ID
  • Client Secret

8️⃣ Re-instantiate Keys After Scope Changes

  • Whenever you change API scopes, you must repeat steps 6️⃣ and 7️⃣ to apply the new permissions.
  • This ensures the admin access token is updated and a new Storefront token is generated with the updated scopes.
  • On the right-side menu, you can list and delete existing Storefront tokens - use this to remove outdated tokens if necessary.

🔐 Tokens generated by this tool are permanent offline access tokens.

Install App

Storefront Tokens

Uses Admin GraphQL. Requires read_storefront_access_tokens.