Shopify Integration

Last modified: June 29, 2026

Shopify

Starting with Shopify API version 2026-04 (and for all new apps created from 2026 onwards), Shopify requires integrations to use the official OAuth flow. Instead of providing a permanent Admin API token, Shopify applications now authenticate using a Client ID and Client Secret, which Trustvoice exchanges for short-lived access tokens automatically.


What Trustvoice needs

Please provide:

  1. Client ID
  2. Client Secret
  3. Your Shopify store URL Example:
    https://example.myshopify.com
    
  4. Your public storefront URL (if different from the myshopify.com address, and for all domains used)

Create the Trustvoice app

1. Open Shopify Admin

Log in as a store owner.

Go to:

Apps → Develop apps

If this is your first time, you may need to enable app development.

Click Build apps using Dev Dashboard.


2. Create an app

In the Shopify Dev Dashboard:

  • Click Create app
  • Name it for example:
Trustvoice Integration

3. Configure API permissions

Create a new app version (or edit the current draft version) and grant these Admin API scopes:

Scope Access
read_orders Read
read_all_orders (optional, recommended) Read
read_products Read
read_locales (optional, recommended for multi-language sites) Read

The read_all_orders permission is only needed if Trustvoice should be able to import orders older than Shopify’s default 60-day window.

Release the app version after configuring the scopes.


4. Install the app

Once the app version has been released:

  • Install the app on your store.
  • Approve the requested permissions.

This step is required before Trustvoice can access your store.


5. Send the credentials to Trustvoice

In the app Settings, copy:

  • Client ID
  • Client Secret

Send them to Trustvoice using a secure method (for example a password manager or encrypted email).

Do not send API credentials in ordinary email or chat.


How authentication works

After installation, Trustvoice automatically exchanges the Client ID and Client Secret for temporary OAuth access tokens.

No permanent Admin API access token needs to be generated or shared with Trustvoice.


Security

⚠️ Never send Client Secrets through ordinary email or open chat.

Always use a secure transfer method.