What API development services do you offer?

We offer REST API development, GraphQL APIs, third-party API integration, Laravel API development, and API security implementation. We also provide DevOps services including AWS infrastructure and CI/CD pipelines.

Where are you based and do you work with clients across the UK?

We're based in Leeds, West Yorkshire, but we work with clients across the entire United Kingdom including London, Manchester, Birmingham, and beyond. We work remotely with businesses throughout Britain.

What technologies do you specialise in?

We specialise in Laravel and PHP for backend development, along with RESTful APIs, GraphQL, Node.js, AWS, Docker, Kubernetes, and CloudFlare. We also work with MySQL and PostgreSQL databases.

Do you provide ongoing support after project completion?

Yes, we offer ongoing support and maintenance packages to ensure your APIs and applications continue running smoothly. This includes monitoring, updates, security patches, and performance optimisation.

Shopify Legacy API Decommissioned - What It Means for Developers and Businesses

As of today, 1st January 2026, Shopify has officially retired the ability to create new legacy custom apps directly from the Shopify Admin. If your workflow relied on generating API tokens through Settings > Apps and sales channels, that path is now closed for good.

This is a significant change for developers and businesses alike. Here is what you need to know and, more importantly, what you should do about it.

What has actually changed?

Previously, merchants and developers could create custom apps directly from the Shopify Admin panel. This generated a permanent API access token that could be used immediately for external integrations. It was quick and convenient, but it came with serious security trade-offs.

From today, all new custom apps must be created through the Dev Dashboard (also known as the Partner Dashboard). Authentication now uses the OAuth 2.0 client credentials grant, a flow specifically designed for secure server-to-server integrations.

The good news is that existing custom apps are not affected. They will continue to work as before. However, Shopify has made it clear that further legacy features may be retired in the future, so relying on old workflows indefinitely is not a safe strategy.

Why did Shopify make this change?

The core motivation is security. Legacy custom apps used API tokens with no expiry date. If those tokens were ever leaked or exposed, they provided indefinite access to store data with no way to automatically rotate or revoke them through a managed lifecycle.

The Dev Dashboard approach addresses these concerns by enforcing proper token management, providing better visibility into app ownership and activity, and supporting role-based access controls. If a developer or agency leaves your team, you can revoke their access instantly without disrupting your other integrations.

The bigger picture - REST API is legacy too

This change does not exist in isolation. Shopify marked the REST Admin API as legacy back in October 2024. Since April 2025, all new public apps have been required to use the GraphQL Admin API exclusively.

For existing apps, Shopify has been announcing migration timelines throughout 2025. The direction is clear - GraphQL is the only supported API going forward. REST endpoints will not receive new features, and developers should expect a full deprecation timeline to be published soon.

GraphQL offers genuine advantages for Shopify integrations. You can query multiple resources in a single request, request only the data fields you actually need, and benefit from cursor-based pagination that handles large datasets more reliably than REST's offset-based approach. It also supports the expanded 2,048 product variant limit that REST simply cannot handle.

What should you do right now?

Whether you are a developer maintaining Shopify integrations or a business relying on custom apps, here is a practical checklist to work through:

Audit your existing custom apps. Document each app's purpose, the API scopes it uses, and whether it relies on legacy authentication tokens.
Set up your Dev Dashboard workflow. If you need to create new integrations from today, familiarise yourself with the Partner Dashboard and the OAuth 2.0 client credentials flow.
Plan your REST to GraphQL migration. If any of your integrations still use the REST Admin API, start mapping your endpoints to their GraphQL equivalents. Shopify provides a migration guide and the admin_graphql_api_id property in REST responses to help bridge the transition.
Review third-party tools and middleware. Any external tools, ERPs, or middleware platforms that connect to your Shopify store via legacy methods will need updating. Check with your vendors to confirm their migration plans.
Migrate sooner rather than later. Existing apps work today, but Shopify has a track record of tightening timelines. Early migration means you are in control of the process rather than reacting to a deadline.

How we can help

At The API Guys, we build and maintain API integrations using Laravel as our primary framework. We have been helping businesses navigate platform shifts like this for years, and Shopify's move towards modern authentication and GraphQL is exactly the kind of challenge we specialise in.

Whether you need to migrate existing custom apps to the Dev Dashboard, rebuild REST-based integrations using GraphQL, or simply want an expert review of your current Shopify setup, we are here to help.

Do not wait until Shopify retires more legacy features. The best time to modernise your integrations is now. Get in touch to discuss your Shopify integration needs.