Skip to main content
Help Center
Getting started 4 min read·Updated Jul 8, 2026

How to connect a Shopify store with a read-only Admin token

Connect your store the safe way: install the Magistry app or drop in a read-only Admin token, run the audit, add write scopes only when you're ready.

There are two ways to connect a store. The preferred path is installing the Magistry Shopify app — a public unlisted flow that handles scopes and rotation for you. The fallback is a custom app you create yourself, with an Admin API token you paste into Magistry. Both start read-only, on purpose.

Path 1 — install the Magistry app (preferred)

  1. 1In Settings → Integrations, click Connect Shopify. You're routed through the unlisted install flow on Shopify's side.
  2. 2Approve the read scopes. Write scopes are not requested at this stage.
  3. 3You land back in the setup wizard, which tracks the connection live — you'll see catalog and order counts fill in as the first sync runs.
app.magistry.io/dashboard/onboarding
The setup wizard verifying the Shopify connection, with catalog and order counts filling in as the first sync runs
The wizard verifies the Shopify connection against real synced data — counts fill in as the first sync runs.

Path 2 — custom app with an Admin token

  1. 1In Shopify admin, go to Settings → Apps and sales channels → Develop apps, and create a custom app.
  2. 2Grant read scopes only: read_products, read_orders, read_inventory. Skip every write scope.
  3. 3Install the app and copy the Admin API access token (shown once).
  4. 4Paste it into Magistry under Settings → Integrations. The wizard validates it immediately and starts the sync.

Why read-only first

With read access the full audit runs — catalog classification, margin analysis, dead-inventory flags — with zero write risk. Nothing Magistry does in this phase can touch your store. It reads, it proposes, it shows you the rows.

Write scopes come later, as a separate deliberate step, when you enable automation for a specific surface. You'll know exactly when that happens because you're the one who does it.

Connect read-only, let the audit run, and decide about write access after you've read what the agents would have done.

// still stuck?

Talk to a human who knows your store.

Live chat Mon–Fri 09:00–18:00 CET, email with a 24-hour SLA, or a 30-minute call. Support reads the same decision_log you do.

Free to read · No email gate · Versioned with the platform