Shopify Token Manager

Quick Start

Validate Current Token

from scripts.validate_token import validate_shopify_token

is_valid, message = validate_shopify_token()
print(f"Token status: {message}")

Check Token Before Operations

Always validate token before making Shopify API calls:

from scripts.validate_token import validate_shopify_token
from shopify_client import shopify_client

# Validate first
is_valid, message = validate_shopify_token()
if not is_valid:
    print(f"❌ {message}")
    print("Run: python scripts/get_new_token_instructions.py")
    exit(1)

# Proceed with API calls
products = list(shopify_client.get_products(limit=10))

Token Management Workflow

1. Detect Expired Token

When you see 401 Unauthorized errors:

Shopify API error: 401 Client Error: Unauthorized
{"errors":"[API] Invalid API key or access token"}

→ Token has expired or been revoked.

2. Get New Token

Run the instructions script:

python scripts/get_new_token_instructions.py

This outputs step-by-step guide for generating new Admin API Access Token.

3. Update Configuration

Edit config.py and replace:

SHOPIFY_API_TOKEN = "your_new_token_here"

4. Validate New Token

python scripts/validate_token.py

Token Security Best Practices

• Never commit tokens to git - Use environment variables
• Rotate tokens every 90 days - Set calendar reminder
• Use minimal scopes - Only request permissions needed
• Store in environment variables:

  export SHOPIFY_API_TOKEN="shpat_..."
  

  Then in config.py:

  SHOPIFY_API_TOKEN = os.getenv("SHOPIFY_API_TOKEN")
  

Troubleshooting

401 Unauthorized

• Token expired → Generate new token
• Wrong store domain → Check SHOPIFY_STORE_DOMAIN
• Token revoked → Check Shopify Admin app status

403 Forbidden

• Insufficient permissions → Check app scopes
• Shop not accessible → Verify store URL

Rate Limiting (429)

• Normal behavior, client auto-retries
• If persistent, increase SHOPIFY_RATE_LIMIT delay

References

• Shopify Admin API Authentication
• Token Scopes Guide