Introduction
Shopify is an all-in-one e-commerce platform.
This guide explains how to set up Shopify for use with Cyclr, obtain authentication details from Shopify, and how to install a Shopify (OAuth) Connector.
Setup & Authentication
Overview
The Cyclr Shopify (OAuth) Connector actually supports two separate authentication types:
Each authentication type is explained below.
There is also a separate Shopify Connector which only offers API Access Token authentication.
Obtain the Shopify Store’s Hostname
Whichever authentication type you choose, you will require the Shopify store’s hostname.
Shopify’s guide on how to find a store’s hostname can be found here.
App Scopes
Scopes must be added to Shopify apps to match those requested by the Shopify (OAuth) Connector for full functionality.
Cyclr defaults to requesting the following scopes from Shopify:
read_checkouts, write_checkouts, read_customers, write_customers, read_draft_orders, write_draft_orders, read_fulfillments, write_fulfillments, read_gift_cards, write_gift_cards, read_inventory, write_inventory, read_locations, read_merchant_managed_fulfillment_orders, read_orders, write_orders, read_products, write_productsThe Shopify (OAuth) Connector has Webhook Methods in multiple Method Categories. Webhooks in each Method Category require certain scopes to function.
The following table contains a list of scopes Webhooks in each Method Category require:
| Connector Method Category | Required scope |
|---|---|
| Checkout | read_checkouts |
| Collections | read_products |
| Customers | read_customers |
| Draft Orders | read_draft_orders |
| Orders | read_orders |
| Products | read_products |
| Refunds | read_orders |
“Shopify OAuth” Authentication Type
Remote Setup in Shopify – performed by Cyclr Partner
An app must be created within Shopify to obtain a Client ID and Client Secret. Shopify’s guide on how to do this can be found here.
- The Scopes parameter must include scopes that target the Cyclr Connector Methods you intend to use. More details can be found in the App Scopes section. Shopify’s guide on access scopes can be found here.
- The Redirect URLs parameter must include the Callback URL of your Cyclr Partner Console.
The URL is in this format:https://{Your Cyclr Service Domain}/connector/callback
Partner Setup in Cyclr Console
Having created an app within Shopify to obtain a client ID and secret, you can either set those values within your Cyclr Partner Console so that they are used whenever a Shopify (OAuth) Connector is installed, or you can leave them blank to have Cyclr request them each time.
To set them in your Cyclr Partner Console to always be used:
- Go to Connectors > Application Connector Library.
- Use the search box to locate the Shopify (OAuth) Connector entry.
- Select the Pencil button.
- Select the Settings tab.
- Enter the following values:
| Property | Description |
|---|---|
| Client ID | The client ID of the Shopify app. |
| Secret | The secret of the Shopify app. |
| Scopes | A comma-separated list of scopes to be requested during authorization. |
- Select Save Changes.
If you leave these values blank, they must be provided each time the Connector is installed.
Cyclr Connector Installation
When installing a Shopify (OAuth) Connector using “Shopify OAuth” Authentication, the following value should be provided:
| Property | Description |
|---|---|
| Hostname | The hostname of the Shopify store to connect to. For example, if you would login to it using: https://example.myshopify.com/adminYou would provide a value of just: example.myshopify.com |
The following will also be required if you hadn’t provided them in your Partner Console:
| Property | Description |
|---|---|
| Client ID | The client ID of the Shopify app. |
| Secret | The secret of the Shopify app. |
| Scopes | A comma-separated list of scopes to be requested during authorization. |
“API Access Token” Authentication Type
Remote Setup in Shopify – performed by your customer
Starting January 1, 2026, it’s no longer possible to create new custom apps in the Shopify admin area.
Existing custom apps can still be used to authenticate a Shopify (OAuth) Connector however.
In your customer’s Shopify store, find the API access token of a legacy custom app by following these steps:
- Select Settings.
- Select Apps.
- Select Develop app.
- Select the relevant app.
- Select the API credentials tab.
- Make a note of the API access token under the Admin API access token heading.
The Admin API access scopes parameter must include scopes that target the Shopify (OAuth) Connector Methods you intend to use. More details can be found in the App Scopes section above.
Shopify’s own guide on access scopes can be found here.
Cyclr Connector Installation
When installing a Shopify (OAuth) Connector using “API Access Token“ Authentication, the following values are used:
| Property | Description |
|---|---|
| API Access Token | The API access token of the Shopify store’s custom app. |
| Hostname | The hostname of the Shopify store to connect to. For example, if you would login to it using: https://example.myshopify.com/adminYou would provide a value of just: example.myshopify.com |