FROM CACHE - en_header
Promotion image

How can I install/publish my custom app using an API?

Solved

How can I install/publish my custom app using an API?

Sneha_Subhash
Shopify Partner
4 0 0
‎05-13-2025 08:27 AM

Hi Shopify Community,

I’ve created a custom app and I want to install it to a merchant's store programmatically using the API.

Is there a way to automate the installation process (like generating an install link or triggering OAuth) via API, without using the Partner Dashboard?

Any guidance or documentation links would be appreciated.

Labels:
657 Views
0 Likes
Report
Accepted Solution (1)

mageplaza-cs
Shopify Partner
552 46 86
‎05-20-2025 03:36 AM

This is an accepted solution.

Hi @Sneha_Subhash 

I am from Mageplaza - Shopify solution expert.

 

Yes, you can programmatically install a custom Shopify app to a merchant store using the OAuth 2.0 flow, without using the Partner Dashboard for every installation.

While the initial app creation and registration (client ID, secret, etc.) must happen in the Shopify Partner Dashboard, once your custom app is created, you can automate the installation process via OAuth.

 

Here's How to Automate the Installation Process
Step 1: Generate the App Installation (OAuth Authorization) URL
You can generate the installation URL dynamically for any store using the following format:

https://{shop}.myshopify.com/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]=per-user

Parameters:

  • {shop} – Store’s subdomain (e.g., example-store)
  • {api_key} – Your app’s API key from the Partner Dashboard
  • {scopes} – Required access scopes (comma-separated), e.g. read_orders,write_products
  • {redirect_uri} – Where Shopify should redirect after the merchant grants access
  • {nonce} – Random string to protect against CSRF
  • grant_options[]=per-user – Optional: request online tokens (for logged-in users)

Step 2: Merchant Authorizes the App
You redirect the merchant to the above URL. They will see a prompt to install your app and approve the permissions.

 

Step 3: Receive Authorization Code (Redirect)
After approval, Shopify redirects to your {redirect_uri} with the following query parameters:

?code={authorization_code}&hmac=...&shop=...&state=...&timestamp=...

You validate the hmac and state, then extract the code.

 

Step 4: Exchange the Authorization Code for an Access Token
Make a POST request to:

POST https://{shop}.myshopify.com/admin/oauth/access_token

With body:

{
  "client_id": "your-api-key",
  "client_secret": "your-api-secret",
  "code": "authorization_code"
}

Response:

{
  "access_token": "",
  "scope": "read_orders,write_products"
}

Now you can use this access_token to make authenticated calls to that merchant's store.

 

Automating Installation Across Stores
You can script the entire process up to step 2:

  • Dynamically generate the install URL based on the {shop} input.
  • Redirect or send the merchant that link.

Manual interaction is still required once per store, as Shopify does not allow silent installation due to security and privacy compliance (GDPR, etc.).

 

What You Cannot Do via API:

  • Auto-install the app without merchant interaction
  • Skip the OAuth screen
  • Bypass permission confirmation (this must be user-approved)

Please let me know if it works as expected!

Best regards!

Mageplaza | Top-Rated Shopify Agency | Trusted by 230,000+ worldwide merchants


If our suggestion works for you, please give it a Like or mark it as a Solution!


Should you have any questions or concerns, feel free to contact us via consultant@mageplaza.com

View solution in original post

400 Views
0 Likes
Report
Reply 1 (1)

mageplaza-cs
Shopify Partner
552 46 86
‎05-20-2025 03:36 AM

This is an accepted solution.

Hi @Sneha_Subhash 

I am from Mageplaza - Shopify solution expert.

 

Yes, you can programmatically install a custom Shopify app to a merchant store using the OAuth 2.0 flow, without using the Partner Dashboard for every installation.

While the initial app creation and registration (client ID, secret, etc.) must happen in the Shopify Partner Dashboard, once your custom app is created, you can automate the installation process via OAuth.

 

Here's How to Automate the Installation Process
Step 1: Generate the App Installation (OAuth Authorization) URL
You can generate the installation URL dynamically for any store using the following format:

https://{shop}.myshopify.com/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]=per-user

Parameters:

  • {shop} – Store’s subdomain (e.g., example-store)
  • {api_key} – Your app’s API key from the Partner Dashboard
  • {scopes} – Required access scopes (comma-separated), e.g. read_orders,write_products
  • {redirect_uri} – Where Shopify should redirect after the merchant grants access
  • {nonce} – Random string to protect against CSRF
  • grant_options[]=per-user – Optional: request online tokens (for logged-in users)

Step 2: Merchant Authorizes the App
You redirect the merchant to the above URL. They will see a prompt to install your app and approve the permissions.

 

Step 3: Receive Authorization Code (Redirect)
After approval, Shopify redirects to your {redirect_uri} with the following query parameters:

?code={authorization_code}&hmac=...&shop=...&state=...&timestamp=...

You validate the hmac and state, then extract the code.

 

Step 4: Exchange the Authorization Code for an Access Token
Make a POST request to:

POST https://{shop}.myshopify.com/admin/oauth/access_token

With body:

{
  "client_id": "your-api-key",
  "client_secret": "your-api-secret",
  "code": "authorization_code"
}

Response:

{
  "access_token": "",
  "scope": "read_orders,write_products"
}

Now you can use this access_token to make authenticated calls to that merchant's store.

 

Automating Installation Across Stores
You can script the entire process up to step 2:

  • Dynamically generate the install URL based on the {shop} input.
  • Redirect or send the merchant that link.

Manual interaction is still required once per store, as Shopify does not allow silent installation due to security and privacy compliance (GDPR, etc.).

 

What You Cannot Do via API:

  • Auto-install the app without merchant interaction
  • Skip the OAuth screen
  • Bypass permission confirmation (this must be user-approved)

Please let me know if it works as expected!

Best regards!

Mageplaza | Top-Rated Shopify Agency | Trusted by 230,000+ worldwide merchants


If our suggestion works for you, please give it a Like or mark it as a Solution!


Should you have any questions or concerns, feel free to contact us via consultant@mageplaza.com

401 Views
0 Likes
Report

Community Blog Articles

May '25.jpg
Celebrating our Members of May '25

June brought summer energy to our community. Members jumped in with solutions, clicked ...

By JasonH Jun 5, 2025
441285313-63bbef53-3fbe-4e8b-a706-5b37afa90468.png
Automate store operations with Shopify Academy & Coding with Jan

Learn how to build powerful custom workflows in Shopify Flow with expert guidance from ...

By Jacqui May 7, 2025
April 25.jpg
Highlighting our Members of April '25

Did You Know? May is named after Maia, the Roman goddess of growth and flourishing! ...

By JasonH May 2, 2025
Terms of Service Privacy Policy