Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Re: How do we get the refresh token through the APIs?

How do we get the refresh token through the APIs?

agaonkar
Excursionist
33 0 3

How do we get the refresh token through the APIs?

Currently to get the refresh token we need to go to the Shopify Partner login and generate a new refresh token. 

Can anyone please let me know how can we get it via postman/api?

 

Replies 4 (4)

oscprofessional
Shopify Partner
16204 2422 3145

Hello 
Please refer below link this will help you:

https://help.shopify.com/en/api/getting-started/authentication/oauth/api-credential-rotation#step-4-...

Get pass your Store Core Web Vital Free Speed Optimization Audit, Chat on WhatsApp | Skype : oscprofessionals-87 | Email: pallavi@oscprofessionals.com | Hire us | Guaranteed Site Speed Optimization | Website Free Audit | Shopify Theme Customization | Build Shopify Private App | Shopify SEO | Digital Marketing | Oscp Upsell & Cross sell App : Free | Oscp Sales & Volume Discount App : Free | Custom Pricing Wholesale App : Free | OSCP Shipping Discounts App : Free

Ryan
Shopify Staff
499 42 120

There is no way to generate a refresh token through the API.  See the guide below on the full steps:

 

https://help.shopify.com/en/api/getting-started/authentication/oauth/api-credential-rotation#step-4-...

Ryan | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

transcend-dev
Shopify Partner
4 0 5

Is this a feature that is upcoming?  It seems like it is a security flaw for users of OAuth2 applications to have to trust that the application they've authorized is going to have good credential hygiene. 

 

KountTPA
Shopify Partner
8 0 4

We have a need for generating a refresh token through an API. We need to be rotating credentials every 20 mins. It's just not feasible to have someone press a button and run a script every 20 mins.