Hello Shopify Friends,

Shopify is a great value platform not only for merchants but also for developers who want to publish their apps on Shopify App Store. For this, they need a Shopify API. Shopify API allows downloading shop inventory and data that is required by Shopify Apps to function.  Check out the latest Shopify editions with 100+ new products and updates.

In order to access Shopify API, you need the authorization of the app. Let’s learn more

Shopify OAuth Flow

In Shopify App Development using Laravel, we need an access token to make the app authorized to access Shopify resources. Shopify CLI provides OAuth Flow to make the app authenticate. OAuth Flow provides you with an access token that can be used with every Shopify API request.

You can visit the official tutorial of OAuth flow.

Shopify Access Modes

You can generate a Shopify access token to access Shopify resources. There are two types of access modes in Shopify to generate an access token.

  1. Online Access Mode
  2. Offline Access Mode

Let us know the difference between the two

Difference Between – Online Access Mode & Offline Access Mode

Online Access Mode Offline Access Mode
Online access must be specifically requested during the authorization stage of OAuth. Offline access is the default mode when nothing is specified.
Tokens with an online access mode are associated with an individual user on a store. Hence, the lifespan of the access token and the user’s web session is the same. Tokens with offline access mode are meant for long-term access to a store, where no user interaction is involved.
Online access modes are used when a user is interacting with an app through the web and when the user permission level matters. Offline access modes are used for background work or maintenance work.
The online access mode generates a temporary access token that expires after some time (approx. 24 hours). When the access token is expired, Shopify generates a 401 Unauthorized response code. The offline access mode generates a permanent access token that expires only when the app gets uninstalled.
Use Case:

  • Your app’s security requirements specify short-lived access to a store.
  • When the user needs to manually trigger some events that require access to Shopify API.
Use Case:

  • Your app’s security requirements specify long-lived access to a store.
  • When you need to access API without the brand admin’s manual intent.

Here, create an OAuth Token using shopify-php-api.

online access mode example

Here, true is suggested that it generates an online access token.


Here, create an OAuth Token using shopify-php-api.

offline access mode example

Here, false is suggested that it generates an offline access token.

Final Words:

This was all about Shopify OAuth Flow and Access Modes. Share the article with your Shopify friends to help them get the required information about authenticating the Shopify App.

Hire Shopify Developer to get your custom app built and add additional functionality to your Shopify Store.

Happy Reading!

Click to rate this post!
[Total: 2 Average: 5]