How to get sessionToken in Admin block/action Extension

Topic summary

A developer is building a Shopify Admin Action Extension and needs to authenticate API calls to an external server (not Shopify’s Admin API). They attempted to import authentication functions from their web/frontend folder into the extension folder but encountered issues.

Shopify’s recommended approach:

  • Use Direct API Access for calls to Shopify’s Admin GraphQL API—these are automatically authenticated by default
  • For calls to the app’s own backend, use fetch() with the configured auth domain or subdomains—an Authorization header with an OpenID Connect ID Token is automatically added
  • No manual session token management is needed for these scenarios

Unresolved challenge:
One participant successfully received the Authorization header after initial difficulties. However, another developer asks about making requests to a separate server that is not the configured auth domain or subdomain, questioning whether manual session token management is possible in Admin UI Extensions. This specific use case remains open/unanswered in the thread.

Summarized with AI on November 10. AI used: claude-sonnet-4-5-20250929.

Thank you for confirming your use case!

If you are making API calls to your app’s backend, when you use fetch() to make a request to your app’s configured auth domain or any of its subdomains, an Authorization header is automatically added with a Shopify OpenID Connect ID Token. There’s no need to manually manage session tokens. Docs here
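The backend receiving that Authorization header still has to validate it before trusting the request. The following is an added example, not code from this thread or from Shopify, of how a Node backend could do that check. It assumes the token is an HS256-signed JWT keyed with the app's client secret, with `aud` set to the app's client ID and `dest` naming the shop; `verifyIdToken`, `signSample` and all sample values are hypothetical.

```javascript
// Added example. Assumption: the token is a JWT signed with HS256 using the
// app's client secret; "aud" is the app's client ID and "dest" is the shop.
const crypto = require("node:crypto");

const b64urlJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

function verifyIdToken(authHeader, { clientId, clientSecret, now = Date.now() / 1000, leeway = 5 }) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || "");
  if (!match) return { ok: false, reason: "malformed" };
  const [, head, body, sig] = match;

  let header, claims;
  try {
    header = b64urlJson(head);
    claims = b64urlJson(body);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (!header || !claims) return { ok: false, reason: "malformed" };
  // Pin the algorithm; never let the token's own "alg" field choose it.
  if (header.alg !== "HS256") return { ok: false, reason: "alg" };

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = crypto.createHmac("sha256", clientSecret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "signature" };
  }

  // Claims are only trusted after the signature has been verified.
  if (claims.aud !== clientId) return { ok: false, reason: "audience" };
  if (typeof claims.exp !== "number" || claims.exp + leeway < now) return { ok: false, reason: "expired" };
  if (typeof claims.nbf === "number" && claims.nbf - leeway > now) return { ok: false, reason: "not-yet-valid" };
  return { ok: true, shop: claims.dest, claims };
}

// Builds a constructed sample token for local testing; values are placeholders.
function signSample(claims, secret, alg = "HS256") {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const input = `${enc({ alg, typ: "JWT" })}.${enc(claims)}`;
  const mac = crypto.createHmac("sha256", secret).update(input).digest("base64url");
  return `Bearer ${input}.${mac}`;
}
```

Requests that fail any check should be rejected with a 401 before any shop-scoped data is read, and the shop identity should come from the verified claims rather than from a query parameter or request body.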