Confusing concepts in Shopify Python API

Topic summary

Confusion over Shopify Python API credentials: what “PASSWORD” and “SHARED_SECRET” refer to, and how to obtain them in current apps.

Key clarifications:

  • “PASSWORD” in the Getting Started example applies to legacy private apps. Private apps are discontinued for new creation (existing ones still work). For new custom apps, use API key and API secret key; no “password” is used.
  • “SHARED_SECRET” was historically used (e.g., for webhook HMAC verification) with private apps. The reply does not explicitly state where to find it for custom apps; only that custom apps use API key and API secret key.

Context/terms:

  • API key: public identifier for the app.
  • API secret key: sensitive credential used for secure flows (e.g., signing, OAuth).
  • Shared secret: term commonly used for the secret used in verifications; mapping to the “API secret key” for custom apps is implied but not confirmed in the thread.

Outcome/status:

  • Partial resolution: migrate to custom apps and authenticate with API key + API secret key.
  • Open question: explicit guidance on “shared_secret” for webhooks in custom apps remains unanswered. A screenshot shows where to find the API key and API secret key.
Summarized with AI on February 23. AI used: gpt-5.

PASSWORD or “API SECRET KEY”?

I am new to the Shopify API, and it seems to me the Shopify Python API docs are mixing things up or confusing newcomers like me.

In their Getting Started section on http://shopify.github.io/shopify_python_api/ they mention API_KEY and the PASSWORD. But what is PASSWORD? Is it the password I use with my user name to connect to my Shopify webshop, or something else? I can only generate or find API_KEY and “API secret key” (nothing about PASSWORD) in my app. It also mentions SHARED_SECRET. What is that, and where can I generate or find it?

I have not been able to connect via API to my app due to confusing concepts here in this API documentation.

3 Likes

I am confused too. I used ‘shared_secret’ in the private app for webhook verification. Where can I find ‘shared_secret’ for new custom apps?

Hi @shapano and @get4137

Thanks for your questions regarding which credentials to use with the Python API. The first example in the tutorial showing PASSWORD is for a private app. Private apps have been discontinued - while pre-existing private apps will continue to work, you are not able to create new ones. Rather, you will now be creating a custom app, either via the partner admin or directly in your Shopify shop admin. The custom app uses the API key and API secret key, rather than the password.

It looks like this:

Hope this helps!

2 Likes
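
The webhook HMAC check raised in the thread, as an added example that is not part of the original posts or Shopify's code: Shopify sends a base64-encoded HMAC-SHA256 of the raw request body in the `X-Shopify-Hmac-Sha256` header. It assumes, as the thread implies but does not confirm, that the custom app's API secret key is the signing secret; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not real credentials or a real payload.
SAMPLE_SECRET = "example-api-secret-key"
SAMPLE_BODY = b'{"id":1001,"email":"a@example.com"}'


def compute_webhook_hmac(secret: str, raw_body: bytes) -> str:
    """Base64 HMAC-SHA256 of the exact request bytes, keyed with the secret."""
    digest = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(secret: str, raw_body: bytes, header_value) -> bool:
    """Return True only if the header matches the HMAC of the raw body.

    raw_body must be the bytes as received, before any JSON parsing:
    re-serialising the payload changes whitespace and breaks the digest.
    """
    if not secret or not header_value:
        return False  # fail closed on a missing secret or missing header
    expected = compute_webhook_hmac(secret, raw_body)
    # Compare as bytes in constant time; bytes also avoids the TypeError
    # compare_digest raises for non-ASCII str input.
    return hmac.compare_digest(
        expected.encode("ascii"), header_value.strip().encode("utf-8")
    )


if __name__ == "__main__":
    header = compute_webhook_hmac(SAMPLE_SECRET, SAMPLE_BODY)
    print("valid request:", verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, header))
    # Same data, re-serialised after parsing: the bytes differ, so it fails.
    reserialised = json.dumps(json.loads(SAMPLE_BODY)).encode("utf-8")
    print("re-serialised:", verify_webhook(SAMPLE_SECRET, reserialised, header))
    print("wrong secret:", verify_webhook("other-secret", SAMPLE_BODY, header))
    print("missing header:", verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, None))
```

In a web framework, read the request body as bytes before any JSON middleware touches it, and reject the request when `verify_webhook` returns False.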