In our current custom app, we are performing some operations (e.g. creating/updating/deleting draft orders) through the admin API service using the offline access token which we got during app installation, and it is working fine. Now along with this offline access token, we need an online access token to detect the staff/user who is performing these operations (e.g. creating/updating/deleting draft orders). Is there any way to get the online access token along with the current flow when our custom app is loaded in the Shopify admin? We are using PHP as the server-side language and cURL to call every admin API.
Topic summary
A developer using PHP and cURL needs to obtain online access tokens alongside their existing offline token to identify which staff member is performing operations (creating/updating/deleting draft orders) via the Shopify Admin API.
Key Solutions Provided:
- Apps created through the Partner Dashboard can request online access tokens using OAuth flows (apps created directly in merchant admin cannot)
- For Node/Remix SDK: enable useOnlineTokens: true in the shopifyApp configuration to access onlineAccessInfo, which contains staff user details
- For PHP + cURL: manually exchange a session token for an online access token using the /admin/oauth/access_token endpoint with grant type urn:ietf:params:oauth:grant-type:token-exchange
Additional Issue:
The developer encountered an OAuth error when requesting the read_users scope during app installation. Removing this scope allows installation, but they need it to retrieve current staff information. The cause of this specific error remains unresolved in the thread.
A separate inquiry about implementing Amazon-style API authorization workflows for a multi-platform inventory management system was also raised but not addressed.
Hi there,
If your app was created through the partner dash, you can visit our documentation on how to create an online access token alongside your offline access token. If your app was created from the merchant admin, then you won’t be able to use online access tokens, and I would recommend instead creating a new API client through the partner dashboard.
Thanks for the question, and happy building!
Hi Shayne,
We own a cloud application for inventory and order management for multi platforms like Amazon, Ebay, Etsy, Walmart etc. including Shopify.
We’d like to get our customers’ Shopify API credentials or authorization to fulfill their requirements. Currently our customers provide their private Shopify app credentials manually, but we’d like to make it like the Amazon API website authorization workflow.
What is the best practice?
Could you please direct us?
Cheers
Tuncay
Hi @Shayne
We have created an app from our partner dashboard for our client. During installation we have requested the scope ‘read_users’ along with other scopes, but we are unable to install it into our client’s merchant store. During installation, it shows the following error. If we remove the ‘read_users’ scope from the scopes, it allows us to install the app; but we need this scope, as we need to get the information about the currently logged-in staff. What is the problem here? Could you please direct us?
If you want to obtain an online access token, you need to set up a separate online OAuth flow.
Node/Remix SDK
export const shopify = shopifyApp({
  ...
  useOnlineTokens: true,
  ...
});
With this enabled, during authentication you will have access to onlineAccessInfo, which contains the staff user’s email and other user-related data.
PHP + cURL
In the PHP SDK there is no built-in parameter, so you need to call the API directly. Shopify supports exchanging a session token → online access token.
curl -X POST \
  https://{shop}.myshopify.com/admin/oauth/access_token \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
    "client_id": "{client_id}",
    "client_secret": "{client_secret}",
    "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
    "subject_token": "{session_token}",
    "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
    "requested_token_type": "urn:shopify:params:oauth:token-type:online-access-token"
  }'
In the response, you will receive an online access token that is valid for a few minutes and tied to a specific staff/owner. From this token, you can read associated_user.email.
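A PHP + cURL version of the exchange above, added here as an example rather than code from the thread or from Shopify: it verifies the session token's signature and claims (HS256 with the client secret, exp/nbf, aud, dest) before sending it, then checks the HTTP status and response shape. The function names and the shop-domain pattern are my own assumptions.

```php
<?php
// Added example, not code from the thread or from Shopify: exchange a Shopify session token
// for an online access token from PHP with cURL. Assumes the session token is an HS256 JWT
// signed with the app's client secret, and that $shop looks like "example.myshopify.com".
function b64urlDecode(string $s): string {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4));
}

// Verify signature and claims locally before trusting the token or sending it anywhere.
function verifySessionToken(string $jwt, string $clientId, string $clientSecret, string $shop): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed session token');
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    if (($header['alg'] ?? '') !== 'HS256') throw new RuntimeException('unexpected alg');
    $mac = hash_hmac('sha256', "$h.$p", $clientSecret, true);
    if (!hash_equals($mac, b64urlDecode($sig))) throw new RuntimeException('bad signature');
    $c = json_decode(b64urlDecode($p), true);
    $now = time();
    if (($c['exp'] ?? 0) <= $now || ($c['nbf'] ?? 0) > $now) throw new RuntimeException('token not valid now');
    if (($c['aud'] ?? '') !== $clientId) throw new RuntimeException('aud is not this app');
    if (($c['dest'] ?? '') !== "https://$shop") throw new RuntimeException('dest is not this shop');
    return $c;
}

function exchangeForOnlineToken(string $shop, string $clientId, string $clientSecret, string $sessionToken): array {
    // The shop name comes from the request; pin its shape before it becomes part of a URL.
    if (!preg_match('/^[a-z0-9][a-z0-9-]*\.myshopify\.com$/', $shop)) throw new InvalidArgumentException('bad shop');
    verifySessionToken($sessionToken, $clientId, $clientSecret, $shop);
    $body = json_encode([
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange',
        'subject_token' => $sessionToken,
        'subject_token_type' => 'urn:ietf:params:oauth:token-type:id_token',
        'requested_token_type' => 'urn:shopify:params:oauth:token-type:online-access-token',
    ]);
    $ch = curl_init("https://$shop/admin/oauth/access_token");
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_POSTFIELDS => $body, CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => ['Content-Type: application/json', 'Accept: application/json'],
        CURLOPT_TIMEOUT => 10,
    ]);
    $resp = curl_exec($ch); $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE); curl_close($ch);
    if ($resp === false || $status !== 200) throw new RuntimeException("token exchange failed: HTTP $status");
    $data = json_decode($resp, true);
    if (empty($data['access_token']) || empty($data['associated_user']['email'])) throw new RuntimeException('unexpected response');
    return $data; // access_token, expires_in, scope, associated_user (id, email, ...)
}
```

Call it with the session token your embedded front end sends in the Authorization: Bearer header, then use $data['access_token'] for the draft-order call and $data['associated_user']['email'] as the actor in your own audit log. Because the online token is short-lived, repeat the exchange per request rather than caching it next to the offline token.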
