Focuses on API authentication, access scopes, and permission management.
In our current custom app, we are performing some operations (e.g. creating/updating/deleting draft orders) through admin API service using offline access token which we got during app installed and it is working fine. Now along with this offline access token, we need online access token to detect the staff/user who is performing these operations (e.g. creating/updating/deleting draft orders). Is there any way to get the online access token along with the current flow when our custom app is loaded in the Shopify admin ? We are using PHP as server side language and CURL to call every admin API.
Hi there,
If your app was created through the partner dash, you can visit our documentation on how to create an online access token alongside your offline access token. If your app was created from the merchant admin, then you won't be able to use online access tokens, and I would recommend instead creating a new API client through the partner dashboard.
Thanks for the question, and happy building!
Shayne | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
Hi Shayne,
We own a cloud application for inventory and order management for multi platforms like Amazon, Ebay, Etsy, Walmart etc. including Shopify.
We'd like to get our customers Shopify api credentials or authorization to fulfill their requirements. Currently our customers provide their private shopify app credentials manually. But We'd like to make it like Amazon API web site authorization workflow.
What is the best practice?
Could you please direct us?
Cheers
Tuncay
Hi @Shayne
We have created an app from our partner dashboard for our client. During installation we have requested with scope 'read_users' along with others scopes, but we are unable to install into our client's merchant store. During installation, it is showing following error. If we remove the 'read_users' scope from the scopes, it is allowing us to install the app; but we need this scope, as we need get the information about current logged staff. What is the problem here ? Could you please direct us ?