Expired accessToken when handling app/uninstalled webhook

Topic summary

Issue: After receiving the app/uninstalled webhook in a Shopify app, attempts to use the stored access token to call the Admin API return 401 Unauthorized, preventing cleanup of data created during installation.

Consensus/behavior: Uninstall immediately invalidates the access token, so no further Admin API calls are possible. As a result, in-store resources (e.g., discounts, theme edits) cannot be removed post-uninstall.

Common handling pattern:

  • On app/uninstalled, attempt an API call with the token.
  • If it returns 401, treat it as confirmed uninstall and delete only your app’s own records from your database.
  • If it succeeds, assume the app was reinstalled or access restored and retain data.
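
The handling pattern above, as an added example that is not code from the thread or from Shopify: a webhook handler that probes the Admin API with the stored token and branches on the result. The probe is injected as a callable (a hypothetical `(shop, token) -> HTTP status` function) so the example runs offline against an in-memory SQLite table of constructed install records; the table names, token strings and shop domains are all made up. The example goes one step beyond the thread: a status other than 401 or 2xx (a 5xx or 429, or a network error) is not proof of uninstall, so the handler defers rather than deletes and lets the webhook be redelivered. It assumes the caller has already authenticated the webhook request itself before this function is reached.

```python
import sqlite3
from typing import Callable, List

# Hypothetical probe signature: (shop_domain, access_token) -> HTTP status code.
# In a real app this would be any cheap Admin API request made with the stored
# token; here it is injected so the example runs without network access.
Probe = Callable[[str, str], int]


def make_install_db() -> sqlite3.Connection:
    """Constructed sample data: installs owned by this app plus our own
    bookkeeping of discount IDs we created. Only these rows are ours to delete;
    the discounts themselves live in the merchant's store and stay there."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE installs (shop TEXT PRIMARY KEY, access_token TEXT)")
    conn.execute("CREATE TABLE app_discount_refs (shop TEXT, discount_id TEXT)")
    conn.executemany("INSERT INTO installs VALUES (?, ?)", [
        ("alpha.myshopify.com", "shpat_constructed_token_a"),  # constructed value
        ("beta.myshopify.com", "shpat_constructed_token_b"),   # constructed value
    ])
    conn.executemany("INSERT INTO app_discount_refs VALUES (?, ?)", [
        ("alpha.myshopify.com", "constructed-discount-1"),
        ("beta.myshopify.com", "constructed-discount-2"),
    ])
    conn.commit()
    return conn


def handle_app_uninstalled(shop: str, conn: sqlite3.Connection, probe: Probe) -> str:
    """Apply the thread's pattern to one app/uninstalled webhook. Returns:
    'no_record'  - no token stored for this shop; nothing to clean up
    'purged'     - probe returned 401: uninstall confirmed, own records deleted
    'retained'   - probe succeeded: token still valid (reinstalled), keep data
    'deferred'   - any other outcome: not proof of uninstall, delete nothing and
                   let the webhook be retried
    Assumes the webhook request was already authenticated before this call."""
    row = conn.execute(
        "SELECT access_token FROM installs WHERE shop = ?", (shop,)
    ).fetchone()
    if row is None:
        return "no_record"
    try:
        status = probe(shop, row[0])
    except OSError:
        # Network failure says nothing about the token's validity.
        return "deferred"
    if status == 401:
        # Token revoked: the only cleanup left is our own database rows.
        with conn:  # commits on success, rolls back on error
            conn.execute("DELETE FROM app_discount_refs WHERE shop = ?", (shop,))
            conn.execute("DELETE FROM installs WHERE shop = ?", (shop,))
        return "purged"
    if 200 <= status < 300:
        return "retained"
    return "deferred"


def remaining_shops(conn: sqlite3.Connection) -> List[str]:
    """Shops we still hold an install record for (used to check the outcome)."""
    return [r[0] for r in conn.execute("SELECT shop FROM installs ORDER BY shop")]


# Constructed probes standing in for the three Admin API outcomes that matter.
def probe_revoked(shop: str, token: str) -> int:
    return 401


def probe_still_valid(shop: str, token: str) -> int:
    return 200


def probe_outage(shop: str, token: str) -> int:
    return 503


if __name__ == "__main__":
    conn = make_install_db()
    print(handle_app_uninstalled("alpha.myshopify.com", conn, probe_revoked))  # purged
    print(handle_app_uninstalled("beta.myshopify.com", conn, probe_outage))    # deferred
    print(remaining_shops(conn))  # ['beta.myshopify.com']
```

The 'deferred' branch is the part worth keeping: treating every non-2xx as "uninstalled" would let a transient API outage wipe the records of a shop that still has the app installed, which is both a data-loss bug and an easy way to lose the token you would need afterwards.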

Design guidance: Avoid persistent changes to the merchant’s store. Prefer approaches like ScriptTags or App Blocks over directly editing theme files, since direct theme edits can’t be reliably cleaned up after uninstall. By extension, discounts created by the app cannot be deleted once the app is uninstalled.

Discussion outcome: No grace period (such as the 5 minutes suggested in the thread) exists, for security reasons: immediate revocation protects merchants. Practical resolution: plan for no post-uninstall access; cleanup is limited to your own data.

Summarized with AI on January 12. AI used: gpt-5.

I can kind of understand the reasons behind invalidating tokens on uninstall. At the same time, it would also make sense to invalidate the tokens, say, 5 minutes after uninstall, to allow app developers to clean up their changes to the shop/theme.

2 Likes