Set up Shopify CLI auth and Admin API access for a store. Workflow: install CLI, authenticate, create custom app, store access token, verify. Use when connecting to a Shopify store, setting up API access, or troubleshooting auth issues with Shopify CLI or Admin API tokens.
Sets up Shopify CLI authentication and Admin API access for store integration and management.
npx claudepluginhub jezweb/claude-skillsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
references/api-scopes.mdSet up working Shopify CLI authentication and Admin API access for a store. Produces a verified API connection ready for product and content management.
Verify the Shopify CLI is installed:
shopify version
If not installed:
npm install -g @shopify/cli
shopify auth login --store mystore.myshopify.com
This opens a browser for OAuth. The user must be a store owner or staff member with appropriate permissions.
After login, verify:
shopify store info
Custom apps provide stable Admin API access tokens (unlike CLI session tokens which expire).
Check if an app already exists: Ask the user if they have a custom app set up. If yes, skip to Step 4.
If no custom app exists, guide the user through creation via browser:
https://{store}.myshopify.com/admin/settings/apps/developmentreferences/api-scopes.md for details):
read_products, write_productsread_content, write_contentread_product_listingsread_inventory, write_inventoryread_files, write_filesUse browser automation (Chrome MCP or playwright-cli) if the user prefers assistance navigating the admin.
Store the token securely. Never commit it to git.
For project use — create .dev.vars:
SHOPIFY_STORE=mystore.myshopify.com
SHOPIFY_ACCESS_TOKEN=shpat_xxxxxxxxxxxxxxxxxxxxx
Ensure .dev.vars is in .gitignore.
For cross-project use — store in your preferred secrets manager (environment variable, 1Password CLI, Vault MCP, etc.).
Test the connection with a simple GraphQL query:
curl -s https://{store}.myshopify.com/admin/api/2025-01/graphql.json \
-H "Content-Type: application/json" \
-H "X-Shopify-Access-Token: {token}" \
-d '{"query": "{ shop { name primaryDomain { url } } }"}' | jq .
Expected response includes the shop name and domain. If you get a 401, the token is invalid or expired — recreate the app.
Create a shopify.config.json in the project root for other skills to reference:
{
"store": "mystore.myshopify.com",
"apiVersion": "2025-01",
"tokenSource": ".dev.vars"
}
Always specify an explicit API version (e.g. 2025-01). Using unstable in production will break without warning. Shopify retires API versions quarterly.
| Token | Format | Use |
|---|---|---|
| Admin API access token | shpat_* | Custom apps — stable, long-lived |
| CLI session token | Short-lived | Shopify CLI commands only |
| Storefront API token | shpca_* | Public storefront queries |
This skill sets up Admin API access tokens — the right choice for product and content management.
Shopify uses a leaky bucket rate limiter:
For bulk operations, use the bulkOperationRunQuery mutation instead of looping.
references/api-scopes.md — Admin API scopes needed for product and content managementUse when working with Payload CMS projects (payload.config.ts, collections, fields, hooks, access control, Payload API). Use when debugging validation errors, security issues, relationship queries, transactions, or hook behavior.