Can I use GraphQL without an access token?

Shopify Partner
12 1 6



I'm working on a custom app (my first one) and as part of what I'm trying to, I need to be able to read & write to product metafields.


I can see how I'd do it if I was initiating these reads & writes from within the app, but I need to do these also from the backend too.


In brief, a customer will click a button on the product page, which will post a form to the app server. I then need to do the graphQL stuff from that endpoint, yet whenever I try, I get


status = 401, Unauthorized
data returned:
errors: '[API] Invalid API key or access token (unrecognized login or wrong password)'


I can't see how to generate / find the access_token? I guess it's because to get / use one, you need to be coming from the app page, not externally?


The app is built using this repo. I've created the endpoint that the product page posts to in server/index.js


Is there a way to use the GraphQL admin API using the app API KEY & API SECRET? I figure it would be pretty straightforward then, but I've searched and can't find anything?


Or am I approaching this completely wrong? (Wouldn't be the first time).



Reply 1 (1)

Shopify Partner
12 1 6

Ok, after much searching I've figured I need to use an offline token for doing stuff on the back end.


I need to still generate online session tokens, but also create and store an offline one when the app is first installed, I think. There doesn't seem to be much in the way of documentation around this, so would really appreciate if anyone could point me somewhere that could get me started, please?