# Authentication ## How it works IDC uses one of two authentication methods to keep your Shopify connection secure. For a standard connection, IDC stores your API password and includes it with every request to Shopify. For a Developer Dashboard connection, IDC exchanges your Client ID and Client Secret for a short-lived access token, which it caches and automatically refreshes before expiration. Either way, your credentials are encrypted and stored in NetSuite. IDC never shares them with external services and rotates tokens automatically. ## Connection modes {% tabs %} {% tab title="Standard connection" %} **When to use:** You have a static API password (access token) from your Shopify store. IDC stores your API password and includes it as the `X-Shopify-Access-Token` header in every request to Shopify's Admin API. The password does not expire unless you revoke it in your Shopify account. **Re-authorization:** If you revoke or reset your API password in Shopify, return to the Shopify app's Credentials page in IDC and update the API Password field with the new token, then click Save. {% endtab %} {% tab title="Developer Dashboard connection" %} **When to use:** You're using an OAuth app registered in the Shopify Partner Dashboard. IDC exchanges your Client ID and Client Secret for an access token via Shopify's OAuth endpoint. The token is short-lived (typically valid for \~24 hours). Before it expires, IDC automatically requests a new token in the background using your Client ID and Client Secret. If the refresh fails, you'll see a connection error in the IDC dashboard. **Enable this mode:** Check the **Dev Dashboard Connection?** checkbox in the Shopify app settings, then enter your Client ID and Client Secret on the Credentials page. {% endtab %} {% endtabs %} ## When credentials expire **Standard connection:** Your API password does not expire unless you revoke it in Shopify. If you revoke it, IDC will immediately fail all requests until you provide a new one. **Developer Dashboard connection:** IDC automatically renews the access token in the background. You don't need to do anything — token renewal is automatic. ## Re-authorizing If the connection breaks and you see a **Failed** status: 1. Open the Shopify app in the IDC dashboard. 2. Click **Credentials** (or **Connect**). 3. Verify that your credentials are correct: * For standard connection: Make sure your API password hasn't been revoked in Shopify. * For Developer Dashboard: Confirm your Client ID and Client Secret are still valid in the Partner Dashboard. 4. If you need to update credentials, clear the fields, enter the new values, and click **Save**. 5. IDC will re-authenticate and display a **Connected** status. ## Common authentication issues | Symptom | What to try | | ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | "Connection shows as Failed" | Check that your credentials are correct and haven't been revoked in Shopify. Update them on the Credentials page and click Save. | | "Flows won't run / timeouts during sync" | Verify your Shopify store has API access enabled and that your API password (or Client Secret) has not been reset. | | "Dev Dashboard connection fails after 24 hours" | This is normal. IDC will automatically refresh the token. If the issue persists, check that your Client ID and Client Secret are still valid in the Partner Dashboard. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.in8sync.com/idc/shopify/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.