How to Exchange a Shopify session token for an access token with GraphQL

This article will show you how to exchange a Shopify session token for an access token with GraphQL. This is useful if you want to use the Shopify Admin API with a Shopify session token. This is a common use case when you are building a Shopify app. The Shopify Admin API requires an access token to make requests. However, when you authenticate a user with Shopify, you get a session token. This session token is not the same as an access token. You need to exchange the session token for an access token to make requests to the Shopify Admin API.

We will use the Shopify Admin API to exchange the session token for an access token. We will also show you how to make requests to the Shopify Admin API with the access token. Let's get started!

# Prerequisites

Before you start, you need to have a Shopify app set up in your Shopify Partner account. You also need to have a Shopify store where you can install the app. If you don't have a Shopify Partner account, you can create one for free on the Shopify website. You also need to have a basic understanding of GraphQL and how to make requests with it. If you are new to GraphQL, you can learn more about it on the GraphQL website.

# Step 1: Get the session token

The first step is to get the session token from the user. To get it, you need to authenticate the user with Shopify. You can do this by redirecting the user to the Shopify login page. When the user logs in, Shopify redirects the user back to your app with the session token in the URL. You can extract the session token from the URL and store it in a variable.

Your app's front-end must acquire a session token from App Bridge. Your app's back-end is responsible for authenticating all requests using the session token.

# Step 2: Exchange the session token for an access token

The next step is to exchange the session token for an access token. If your app doesn't have a valid access token, then it can exchange its session token for an access token using token exchange. To do this, you need to make a request to the Shopify Admin API with the session token. You can do this with GraphQL. You need to send a mutation to the Shopify Admin API with the session token as a parameter. The mutation will return an access token. You can store the access token in a variable.

Token exchange API

POST https://{shop}.myshopify.com/admin/oauth/access_token

Example

curl -X POST \
  https://{shop}.myshopify.com/admin/oauth/access_token \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
      "client_id": "{client_id}",
      "client_secret": "{client_secret}",
      "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
      "subject_token": "{session_token}",
      "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
      "requested_token_type": "urn:shopify:params:oauth:token-type:online-access-token"
}'

Response:

{
  "access_token": "f85632530bf277ec9ac6f649fc327f17",
  "scope": "write_orders,read_customers"
}

If your session token is expired or invalid, then the token exchange request fails with an HTTP status code of 400 Bad Request.
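
The same exchange from a Python back end, as an added example that is not part of the original article or Shopify's own code: it checks the `shop` value before the client secret is posted anywhere and turns the 400 response into a distinct error. The function names, the `SessionTokenRejected` class and the shop-name pattern are assumptions made for this illustration.

```python
import json
import re
import urllib.error
import urllib.request

# Assumed shop-name rule: a single DNS label, so the host always ends in .myshopify.com.
SHOP_RE = re.compile(r"[a-z0-9][a-z0-9-]*")


class SessionTokenRejected(Exception):
    """The exchange returned 400: session token expired or invalid."""


def build_exchange_request(shop, client_id, client_secret, session_token):
    """Build (without sending) the POST from the curl example."""
    if not SHOP_RE.fullmatch(shop):  # never post the secret to a caller-chosen host
        raise ValueError(f"refusing to send credentials for shop {shop!r}")
    body = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "subject_token": session_token,
        "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
        "requested_token_type": "urn:shopify:params:oauth:token-type:online-access-token",
    }
    return urllib.request.Request(
        f"https://{shop}.myshopify.com/admin/oauth/access_token",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )


def parse_exchange_response(status, raw_body):
    """Return (access_token, scopes); raise on 400 or any other non-200."""
    if status == 400:
        raise SessionTokenRejected("get a fresh session token and retry")
    if status != 200:
        raise RuntimeError(f"unexpected token exchange status {status}")
    data = json.loads(raw_body)
    return data["access_token"], set(data["scope"].split(","))


def exchange(shop, client_id, client_secret, session_token):
    req = build_exchange_request(shop, client_id, client_secret, session_token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_exchange_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx responses
        return parse_exchange_response(err.code, err.read())
```

Catching `SessionTokenRejected` separately lets the back end ask the front end for a fresh session token instead of treating the failure as a generic server error.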

# Step 3: Make requests to the Shopify Admin API with the access token

The final step is to make requests to the Shopify Admin API with the access token. You can do this by sending a query to the Shopify Admin API with the access token as a header. The query will return data from the Shopify Admin API. You can use this data to display information to the user or perform actions on the user's behalf. Below is an example GraphQL request. The query is written on a single line because a JSON string cannot contain raw line breaks.

curl -X POST \
  https://{shop}.myshopify.com/admin/api/2024-10/graphql.json \
  -H 'Content-Type: application/json' \
  -H 'X-Shopify-Access-Token: {access_token}' \
  -d '{
    "query": "{ products(first: 5) { edges { node { id handle } } pageInfo { hasNextPage } } }"
}'

# Conclusion

In this article, we showed you how to exchange a Shopify session token for an access token with GraphQL. We used the Shopify Admin API to exchange the session token for an access token. We also showed you how to make requests to the Shopify Admin API with the access token. We hope this article was helpful to you.
Thanks for reading and happy coding!