Enable Shopify-managed installations for your app
Shopify managed installation is an installation method where Shopify installs an app and updates its access scopes without making any calls to the app. This provides the following advantages for the developer and user:
-
Improved performance: No browser redirects during installation or updates.
-
Less complexity: Embedded apps can use token exchange to acquire access tokens, and will no longer need to implement authorization code grant for installation or access scope changes.
-
Improved user experience: Faster installations and updates, and no screen flickering.
To enable Shopify managed installation, you need to share the scopes that your app requires in a configuration file that you push to Shopify.
This guide describes how to enable Shopify managed installation for your app.
If you don't use this method, then your app will use authorization code grant, and call your app to determine the required access scopes before proceeding.
Anchor to Step 1: Configure your app using Shopify CLIStep 1: Configure your app using Shopify CLI
You can configure your app locally using a TOML file with Shopify CLI. Learn how to manage your app's configuration using Shopify CLI.
Anchor to Step 2: Deploy your configuration to ShopifyStep 2: Deploy your configuration to Shopify
In your app's TOML file, the access scopes are defined in the scopes
field as shown below:
shopify.app.config-name.toml
You can update the scopes
field to include the access scopes that your app requires. For example, if your app requires access to the read_orders
and write_customers
access scope, you can update the scopes
field as shown below:
shopify.app.config-name.toml
Then you can deploy your app's access scopes to Shopify:
Terminal
Anchor to Step 3: Shopify now manages installing your app and access scope changesStep 3: Shopify now manages installing your app and access scope changes
After you deploy your app configuration with your updated scopes, Shopify handles installation and scope updates whenever you deploy changes to your configuration.
Anchor to Step 4: Acquire access tokens to make authenticated requests to Shopify APIsStep 4: Acquire access tokens to make authenticated requests to Shopify APIs
Embedded apps using Shopify managed install should acquire access tokens through token exchange.
Non-embedded apps should use the authorization code grant flow.
Anchor to Manage access scopesManage access scopes
Learn how to request more or less permissions from the merchant store from manage access scopes.