Shopify Public and Private Apps

Updated 1 month ago by Colin Mollenhour

ShipStream's Shopify Plugin supports authentication both with and without OAuth. OAuth is an authentication workflow whereby the user can authorize an application by approving an app as an authenticated Shopify user and without sharing their login credentials or directly copying and pasting an API key.

Which should I choose?

OAuth 2.0 authentication is required for "Public apps" and "Custom apps" and is the recommended way to manage integrations for 3PLs who want to offer an app to their customers on the Shopify App Store, whether it is Listed or Unlisted. For merchants that have no need for a public Shopify app, it will be easier to not use OAuth and to instead create a Private app.

Please see Types of apps for a more detailed description of the differences between the types of Shopify apps.

The "Use OAuth" configuration is a global configuration. You can switch modes at any time and subscriptions that are already connected will continue to work but new subscriptions will have to be connected using the current mode so it is recommended not to change this setting frequently.

Public App Setup (Using OAuth)

To create a Public app you must first sign up as a Shopify Partner for your company. In your Shopify Partners dashboard click "Apps" and then "Create app" to begin the process. The urls for your App setup will be supplied in the Shopify Plugin section of the ShipStream configuration under System > Configuration > Plugins/Webhooks > Shopify Plugin.

Your Shopify app must be approved by Shopify before it can be used for more than one store so be sure to account for 1-2 weeks for the approval to be completed.

Once approved, your Shopify users will be able to connect their stores by visiting the app listing to install your app, or by clicking the Connect button on ShipStream's Edit Subscription page.

Private App Setup (Not using OAuth)

If not using OAuth then you can add a Subscription for the Shopify plugin in ShipStream and simply obtain a Private App Access Token and paste this into the Subscription's Plugin Configuration section.

Obtaining a Private App Access Token

To obtain a private app access token go to your Shopify store's admin panel and click "Apps" and then "Manage private apps".

Click "Enable private app development" and read the terms carefully and accept to continue.

Click "Create private app" to create your private app for use with ShipStream and provide a name and contact email.

Set all of the appropriate permissions for the app by clicking "Show inactive Admin API permissions".

The permissions required by the Shopify Plugin are:

  • Assigned fulfillment orders: Read and write
  • Fulfillment services: Read and write
  • Inventory: Read and write
  • Orders: Read and write
  • Products: Read access
  • Shipping: Read and write

The Storefront API access is not needed so should be left unchecked.

After clicking Save, the API Key and Password will be generated by Shopify. Copy the "Password" and paste this into the Private App Access Token field in ShipStream.


How did we do?