Shopify

This guide covers what ParcelPilot needs to connect to Shopify, where to find it in Shopify, and where to enter it in ParcelPilot.

What ParcelPilot needs

You’ll typically provide:

1. Store domain (e.g. your-store.myshopify.com)
2. API Key (Shopify app API key)
3. Admin API Secret (Shopify app API secret key)
4. Access Token (Admin API access token)
5. Webhook signing secret (optional; usually the API secret key)

If ParcelPilot is configured with one shared Shopify app centrally, the merchant may only need:

1. Store domain
2. Click Connect Shopify (OAuth)

In that setup, ParcelPilot handles the shared app credentials and stores the shop-specific access token after the merchant approves the connection.

ParcelPilot's Shopify OAuth flow also requests read_locations so it can read the store's Shopify locations during setup and syncing.

When shared Shopify app mode is enabled, ParcelPilot hides the manual Shopify credential fields in the integration form because the merchant normally only needs the store domain plus Connect Shopify (OAuth).

Where to find it in Shopify

Create or open the app

1. Shopify Admin → Apps
2. Develop apps
3. Create a new app (or open your existing ParcelPilot app)

Configure Admin API scopes (permissions)

In the app:

1. Go to Configuration
2. Under Admin API integration, select the scopes ParcelPilot requires

Common scopes (adjust based on features you use):

• Orders: read_orders
• Fulfillments/tracking push: write_fulfillments
• Inventory sync: read_inventory, write_inventory
• Products: read_products
• Locations (recommended): read_locations

If you see a 403 about read_locations, the merchant must approve the scope (and you may need to reinstall / re-authorize the app).

Install the app to generate an access token

1. In the app, click Install app
2. After install, Shopify will show the Admin API access token

Get API credentials

In the app:

1. Go to API credentials
2. Copy:
   • API key
   • API secret key
   • Admin API access token

Store domain

Your store domain is the *.myshopify.com domain for the store, e.g.:

• olsson-scandinavia.myshopify.com

Where to enter it in ParcelPilot

ParcelPilot Admin → Integrations → Client Integrations → create/edit an integration with Platform = Shopify.

Fill these fields:

• Store domain → store_domain
• API Key → credentials.shopify.api_key (optional if ParcelPilot uses a centrally configured Shopify app)
• Admin API Secret → credentials.shopify.api_secret (optional if ParcelPilot uses a centrally configured Shopify app)
• Access Token → credentials.shopify.access_token (usually filled after OAuth connect)
• Webhook signing secret (optional) → credentials.shopify.webhook_secret

Optional display settings:

• Order number prefix → settings.order_number_prefix
• Order number suffix → settings.order_number_suffix

Operational settings:

• Push shipment confirmations (tracking) back to ecommerce platform → settings.push_ship_confirms
• Mirror tracking status from Shopify (only if needed) → settings.shopify_tracking_mirror_enabled

Recommended setup approach

• Start by connecting with the minimum required scopes.
• If you want ParcelPilot to push tracking/fulfillments, enable write_fulfillments and turn on Push shipment confirmations.
• If you want inventory syncing, ensure read_locations is approved and configure inventory-related scopes.

Troubleshooting

403 Forbidden: missing read_locations scope

If ParcelPilot logs show an error like “merchant approval required for read_locations scope”, the Shopify merchant must approve it.

Fix:

1. Add read_locations to the app scopes
2. Reinstall / re-authorize the app on the store

(There is also an internal workaround using an explicit location id if configured, but the recommended fix is to approve read_locations.)

Access token not found

If Shopify doesn’t show an Admin API access token, ensure the app is installed on the store.

Missing orders?

If orders are missing in ParcelPilot, you can manually backfill using Pull Orders on the integration:

• Pull Orders from eCommerce (manual backfill)

Security notes

• Treat the Admin API access token like a password.
• Only share credentials through a secure channel.
• Rotate tokens if you suspect exposure.

See also

• If inventory sync is blocked by Shopify location permissions, use the troubleshooting steps above for the read_locations scope issue and re-authorize the app if needed.