StorefrontAccessToken

You can use the StorefrontAccessToken resource to generate storefront access tokens. Storefront access tokens are used to delegate unauthenticated access scopes to clients that need to access the unautheticated Storefront API. A sales channel can generate a storefront access token and then pass it to a consuming client, such as JavaScript or a mobile application.

Note

Storefront access tokens are allocated on a per shop basis, and an application can have a maximum of 100 active Storefront access tokens per shop.

A storefront access token inherits all of the unauthenticated access scopes from the app that creates it. If the app has not been granted any unauthenticated access scopes, then creating the storefront access token will fail.

What you can do with StorefrontAccessToken

The Shopify API lets you do the following with the StorefrontAccessToken resource. More detailed versions of these general actions may be available:

StorefrontAccessToken properties

id
read-only
"id": 1053727709

Unique id that identifies a token and is used to perform operations on it.

access_token
read-only
"access_token": "4f12cc6de73079c2c92ef4bef9e3c68a"

The issued public access token.

access_scope
read-only
"access_scope": "unauthenticated_read_product_listings"

An application-dependant, comma separated list of permissions associated with the token.

created_at
read-only
"created_at": "2016-11-10T15:15:47-05:00"

The date and time when the public access token was created. The API returns this value in ISO 8601 format.

title
required
"title": "Test"

An arbitrary title for each token determined by the developer/application, used for reference purposes.

Note

No constraint on uniqueness.

Endpoints

POST /admin/storefront_access_tokens.json
Creates a new storefront access token

Generating a token for an app that lacks required unauthenticated scopes fails

POST /admin/storefront_access_tokens.json
{
  "storefront_access_token": {
    "title": "Test"
  }
}
View Response
HTTP/1.1 403 Forbidden
{
  "errors": "App must be extendable to create a storefront access token."
}

Creating a token after exceeding the limit fails

POST /admin/storefront_access_tokens.json
{
  "storefront_access_token": {
    "title": "Token"
  }
}
View Response
HTTP/1.1 400 Bad Request
{
  "errors": [
    "Api permission exceeds public access token limit of: 100"
  ]
}

Create a new storefront access token

POST /admin/storefront_access_tokens.json
{
  "storefront_access_token": {
    "title": "Test"
  }
}
View Response
HTTP/1.1 200 OK
{
  "storefront_access_token": {
    "access_token": "282e7cc7d86c446d4074ee0037805cd7",
    "access_scope": "unauthenticated_read_product_listings",
    "created_at": "2018-11-27T15:59:40-05:00",
    "id": 804561002,
    "admin_graphql_api_id": "gid://shopify/StorefrontAccessToken/804561002",
    "title": "Test"
  }
}
DELETE /admin/storefront_access_tokens/755357713.json
Deletes an existing storefront access token

Delete an existing storefront access token

DELETE /admin/storefront_access_tokens/#{storefront_access_token_id}.json
View Response
HTTP/1.1 200 OK
GET /admin/storefront_access_tokens.json
Retrieves a list of storefront access tokens that have been issued

Retrieve a list of storefront access tokens that have been issued

GET /admin/storefront_access_tokens.json
View Response
HTTP/1.1 200 OK
{
  "storefront_access_tokens": [
    {
      "access_token": "378d95641257a4ab3feff967ee234f4d",
      "access_scope": "unauthenticated_read_product_listings",
      "created_at": "2018-11-27T15:59:13-05:00",
      "id": 755357713,
      "admin_graphql_api_id": "gid://shopify/StorefrontAccessToken/755357713",
      "title": "API Client Extension"
    }
  ]
}

Sign up for a Partner account to get started.

Sign up