How do I connect Make to Shopify in 2026? (After Shopify Update)

What is your goal?

I want to connect Shopify stores to Make.com in a way that is secure, scalable, and suitable for client work, without requiring clients to share their Shopify email/password.

Specifically, I want to authenticate Shopify → Make using API access (custom app / token-based) rather than logging in to Shopify via OAuth with credentials (I wouldn’t want clients sharing credentials with me).

What is the problem & what have you tried?

Previously, doing this has been simple:

• Create a custom / legacy app inside Shopify Admin
• Copy the Admin API access token
• Paste store name + token into Make
• Use Shopify (custom app / legacy) connection

This avoided sharing email/passwords and was ideal for agency setups.

However, as of January 1, 2026, Shopify has changed how apps are created:

• You can no longer create legacy custom apps the old way
• Apps must now be created via the Shopify Dev Dashboard
• When creating an app via the Dev Dashboard, there is no visible Admin API access token to copy
• Only Client ID / Client Secret are available, and these don’t work for integration. Make is expecting “Admin Access API Token”

This creates a problem:

Make’s Shopify modules expect either:

• OAuth login (which requires logging into Shopify), or
• A static Admin API access token (which Dev Dashboard apps no longer expose)
• I do not want to ask clients for their Shopify email/password to connect Make
• The OAuth flow via the Make Shopify app still requires logging into Shopify, which I want to avoid for client security reasons

I am not a dev, and I don’t know what else to try. Any suggestions are appreciated.

Here is a video on what used to happen in Shopify: https://www.youtube.com/watch?v=A_pdSNFFCYM - this is a GHL tutorial. It is the exact same process.

Error messages or input/output bundles

No specific error messages - this is a platform limitation / missing authentication option, not a runtime error.

The issue is that (thanks to Shopify’s new update) there is no Admin API access token available to paste into Make when using the new Shopify Dev Dashboard app creation flow.

Create public scenario page

N/A

Screenshots (scenario flow, module settings, errors)

Screenshot_39.png583×628 16.4 KB

More screenshots:

Screenshot_39583×628 16.4 KB

Screenshot_43601×672 28.2 KB

Screenshot_42905×865 51.1 KB

Screenshot_41812×880 27.7 KB

Screenshot_40832×874 36.7 KB

Are you getting an error message or something when using the client ID and secret?

Yes, I’m seeing “Status Code Error: 403”

Just to clarify, you are using the new connection type right?

image1137×873 71 KB

With the correct domain and Scopes?

image495×249 14.3 KB

I’m intentionally using Shopify (custom app) (legacy).
The newer Shopify connection in Make requires OAuth login into the client’s Shopify admin, which isn’t suitable for my use case (agency setup, no client credentials).

The issue I’m running into is that since Shopify’s Jan 2026 changes, apps created via the Dev Dashboard no longer expose a copyable Admin API access token, which the legacy Make connector requires.

That’s the gap I’m trying to solve - a password-less way to connect Shopify to Make now that legacy custom apps/tokens aren’t accessible anymore.

That is not possible. OAuth2 is a safety feature and there is a reason why providers are switching to this standardized framework. It requires actual authorization rather than just sharing an API key string that can get stolen or lost.

For agency setups: yes, this means more friction. Since the OAuth flow happens inside your Make environment (which your client doesn’t have access to), there’s no clean way around it. Either you share screen / do a call while they authenticate, give them (temporary) access to your Make account, or they share their Shopify credentials so you can complete the OAuth flow on their behalf. Is there a reason why customer’s cannot share their credentials with you? I mean, you have access to the data either way… OAuth2 just changed how you get that access.

Cheers,
Henk

Hi Henk,

I see. Thank you for this explanation.

This is my first time doing any agency work like this. So I don’t know how comfortable people will be to share their email/password login with me. In my head, if I were using an agency and they asked me for my email/password, I’d be slightly sketched out by it. So I’m just trying to avoid that at all costs.

Do you think I’m maybe making a bigger deal of this than it’s worth? Will clients care that much?

You are right to think that people are reluctant to share their credentials, and I understand your restraint in asking for it. It comes down to a trust issue and a data safety concern.

We never have issues with our customers sharing their credentials. That is because we clearly communicate that in order to work with their data, it is a necessity that we have safe acces to their data. The only way to get that is by them sharing their credentials. For audit purposes, they often create a new login for us. We also sign data agreements and our customers have full trust in the way we handle both sensitive data and any credentials shared with us.

In our experience, clients care for a solution, they care very little for how it is built and even less for what is needed in order to built it. Apart from some edge cases, clients just want you to make it happen.

Yeah they don’t have a choice. I have a secure form for password sharing that I send along with the contracts.

If they want to have work done, then either setup the connections themselves, or they need to give me the passwords.

And like Henk said, most clients care about the end result and the majority are not tech savvy anyways.

I’ve had people just send me passwords over WhatsApp or email without any care at all.