How to Get Shopify API Key?

The Shopify API Key is a unique code that allows third-party applications to access your store data and functionality. It is used to integrate third-party apps to improve store performance and add new features to your store.

Developers use API to build custom solutions that integrate with your Shopify store and enhance customer experience. Shopify generates different API keys for Private and Public apps because each type is used for different objectives. API keys allow you to automate your tasks and sync data easily across multiple platforms.

What Is Shopify API Key?

A Shopify API key allows third-party apps to integrate with a specific store. It is an authentication token, when API requests to access data. This key is used for managing products, processing orders, and retrieving customer information.

These keys are essential for developers who build custom applications or integrate external tools with a Shopify store. By using the API key, developers can improve store functionality and shopping experience to match unique business needs.

Each app in Shopify has its own API key and has specific permissions to perform the action within the store. Developers should keep it confidential to prevent unauthorized access or any misuse.

What are the Different Types of Shopify API Keys?

There are two main types of Shopify API keys.

  • Private API Key
  • Public API Key

1. Private API Key

A private API key is used with private apps that are specifically built for a single Shopify store. The private apps are not listed on the Shopify App Store, as they provide access to sensitive store data. It must be kept confidential and should only be stored on your server-side application.

2. Public API Keys

A public API key is issued by an API provider that allows any user to access non-sensitive, publicly available data or functionalities provided by an API. They are used in client-side applications for read-only access, where the service is openly accessible without requiring any security. These keys are freely shared with anyone as they do not grant access to sensitive or private information. However, they offer limited security compared to private API keys and should not be used for confidential actions.

How to Generate Shopify API Key for Private Apps?

You can get the Shopify API key for a private app by following these steps:

  • Log in to the Shopify admin panel.
  • Go to “Settings” bottom left corner.
  • Click on “Apps and sales channels” and select Develop App.
  • Next, click on “Create an app” and enter a name.
  • In the API Credentials section, click on Configure Admin API scopes and set API permissions you need to access.
  • Then save the setting. Now you'll see the API key and API secret key under the Admin API section to authenticate your private app.

Create Shopify API Key for Private App

How to Generate Shopify API Key for Public Apps?

This key is part of the app credentials and is used during the OAuth process to establish a secure connection between the app and the merchant's store. Follow these steps to generate the API key for public app:

  • Log in to the Shopify partner dashboard.
  • Click on App on the left-hand sidebar and then select Create app.
  • Click on Create App manually, and input the name for your custom app.
  • Now select Choose Distribution and select the public app.
  • Here you can get the API key and API secret key.
  • With the recent update, Shopify has changed both key names to Client ID and Client Secret.
  • Generate Shopify API Key for Public App

How to Regenerate Shopify API Key?

If you lose your Shopify app API key, you need to regenerate a new one to restore access to your app data and functionalities. Follow the steps below to create a new API key:

  • Log in to your Shopify partner account.
  • Navigate to the Apps section.
  • Select and open the specific app for which you need a new API key.
  • Click on API access under client credentials.
  • Then click on the Generate refresh token.

Regenerate Shopify API Key

After generating the new credentials, integrate these details with your system to ensure seamless access to Shopify API and maintain the functionality of services without any interruption.

Is It Possible to Use Multiple Shopify API keys on Shopify Store?

Yes, you can use multiple Shopify API keys in a Shopify store. Each app you develop or install can have its own API key, allowing you to manage different integrations and functionalities separately. This setup helps maintain security and organization within your store's API interactions.

Best Practices for using Shopify API key?

When working with Shopify app access identifiers, there are some best practices to follow for security measures.

Avoid inserting API keys in frontend code: Never insert API keys directly in frontend or client-side code, public repositories, or documentation. This can lead to unexpected exposure to unauthorized users. To avoid this, store your Shopify store's API in secure places like encrypted configuration files or secret management services.

Limit scopes: Grant each API only the necessary permissions according to its specific function. Regularly check the fields given to the API and reduce them if possible to minimize risks.

Use OAuth for public apps: For public and third-party apps, use OAuth 2.0 authentication instead of the simple API. OAuth 2.0 provides secure, token-based access, grants or removes permissions accordingly, and provides an extra layer of security.

Regenerate API Key: If the API key is compromised or leaked, immediately remove it to prevent unusual access. Recreate the new one and never try to use a previously exposed key again.