To interact with the Shopify API, your application must provide the necessary authentication credentials in each HTTP request to Shopify. The way to provide these credentials depends on the type of application that you're developing. Shopify supports two different types of applications: public applications and private applications.
Public applications can interact with the Shopify API on behalf of multiple stores, as long as the application has been granted explicit permission by the merchant. You can create a public application from the Apps page in your Partner dashboard.
Public applications authenticate to Shopify by providing the
X-Shopify-Access-Token header field in each HTTP request to the Shopify API. This access token is obtained through an OAuth handshake.
Other OAuth topics
API credential rotation - Rotate credentials without any downtime.
Uninstalling apps - Uninstall an app on any shop through the API.
Private applications can interact with the Shopify API on behalf of only one particular store. These applications authenticate with Shopify through basic HTTP authentication. The required credentials must be generated from the Shopify admin of the store that you want to connect with your application.