Authentication

To interact with the Shopify API, your application must provide the necessary authentication credentials in each HTTP request to Shopify. The way to provide these credentials depends on the type of application that you're developing. Shopify supports two different types of applications: public applications and private applications.

Public applications

Public applications can interact with the Shopify API on behalf of multiple stores, as long as the application has been granted explicit permission by the merchant. You can create a public application from the Apps page in your Partner dashboard.

Public applications authenticate to Shopify by providing the X-Shopify-Access-Token header field in each HTTP request to the Shopify API. This access token is obtained through an OAuth handshake.

See the OAuth documentation for more details.

Other OAuth topics

Private applications

Private applications can interact with the Shopify API on behalf of only one particular store. These applications authenticate with Shopify through basic HTTP authentication. The required credentials must be generated from the Shopify admin of the store that you want to connect with your application.

See our documentation on Private authentication for more details.