Skip to content
Storemend

Guide · store access & security

Is it safe to give a developer access to your Shopify store?

Written by Astrid, Shopify developer Last updated:

The short version

Yes, it's safe — as long as you do it the Shopify way. Use a collaborator request with scoped permissions instead of handing over your password, give only the access the job actually needs, and insist the work happens on a duplicated, unpublished copy of your theme. Done like that, the developer can fix or build what you need without ever touching your live store, your customer data, or your billing — and you can revoke the access in one click the moment the job's done.

What “developer access” to a Shopify store actually means

When someone says they need “access” to your Shopify store, that can mean very different things — and the differences are the whole safety story. The risky version is sharing your owner login: your email and password, which hand over everything at once. The safe version is granting a collaborator account with specific permissions, which is the path Shopify built precisely so merchants don't have to share passwords with outside developers.

So the honest answer to “is it safe?” isn't yes or no — it's it depends entirely on which kind of access you grant and how it's scoped. The rest of this guide is how to make sure you're granting the safe kind.

Collaborator account vs staff account vs your password

There are three ways to let someone work on your store. Only two of them are appropriate for an outside developer, and only one is what I'd recommend by default:

Method Who it's for Scoped permissions? Uses a staff seat?
Collaborator account Outside developers & agencies (Shopify Partners) Yes — you pick exactly what they can see No
Staff account Your own team members Yes, but it's one of your paid seats Yes
Sharing your password No one — ever No — it's all-or-nothing N/A — full owner access

A collaborator account is requested by a Shopify Partner and approved by you. It doesn't consume one of your paid staff seats, and you control which permissions it gets. A staff account is one of your own team seats — fine for an employee, but overkill (and a wasted seat) for a one-off project. Sharing your password is the one to rule out completely: it gives whoever has it total control of your business, it can't be scoped, and you can't cleanly take it back without changing your password and re-securing the account.

Why you should never share your Shopify password

Even with a developer you trust, a shared password is the wrong tool. Here's why it's worth being firm about:

  • It's all-or-nothing. Your password unlocks orders, customer data, payouts, and billing — not just the theme that needs fixing. There's no way to narrow it.
  • It breaks your two-factor login. To hand over a password you usually have to weaken or work around the security on your own account.
  • You can't see who did what. Anything done under your login looks like you did it — there's no separate trail.
  • Taking it back is messy. Revoking a collaborator is one click. “Un-sharing” a password means changing it and checking nothing else was altered.

There's a simple rule that travels well: a real Shopify developer will never ask for your password, because they don't need it. If someone does, that alone is reason to pause.

How to grant collaborator access safely (step by step)

The flow is short, and every step happens inside your own Shopify admin — you stay in control the whole way:

  1. Step 1

    The developer sends a collaborator request from their Shopify Partner Dashboard. It appears in your admin under Settings → Users (older admins call it Users and permissions).

  2. Step 2

    If your store uses a collaborator request code, it's shown on that same page — you share that 4-digit code with the developer first so their request can reach you. (Not every store requires one.)

  3. Step 3

    Read the requested permissions before you approve. The request lists exactly what they're asking to access. Make sure it matches the work — a theme fix shouldn't be asking for your orders or customers.

  4. Step 4

    Click approve. That's it — the developer now has the scoped access, no staff seat used, and no password ever changed hands.

If you'd like to see what each of these moments looks like on your side of the screen, I've drawn the whole flow out on my how store access works page.

Permissions to scope, and ones to think twice about

The golden rule is least privilege: grant only what the specific job needs, nothing extra. As a rough guide to what different jobs actually require:

  • Theme work, sections, layout, speed — usually just Themes.
  • Checkout, shipping, taxes, store config — needs Settings.
  • App installs, tracking pixels, integrations — may need Apps.
  • Product or collection editsProducts.

The ones to think twice about are the sensitive scopes: Customers, Orders, Finances, and full admin access. None of these belong on a routine theme or app job. If they're being requested, ask plainly why — there may be a legitimate reason (a fix that genuinely touches orders, say), but it should be one the developer can explain, not a default they tick out of habit.

Red flags that a developer is asking for too much

A handful of warning signs are worth knowing before you approve anything. Any one of these is a reason to slow down and ask questions:

  • They ask for your password or owner login instead of sending a collaborator request.
  • They request full access or sensitive scopes (customers, orders, finances) for a job that clearly doesn't touch them.
  • They won't tell you which permissions they need, or get cagey when you ask why.
  • They want to edit your live theme directly rather than work on a copy.
  • They ask you to turn off two-factor authentication on your account.

A trustworthy developer makes the access story easier to say yes to, not harder — clear scope, on a copy, revocable, explained in writing.

How I handle access on every Storemend job

Since this is how I work, here's exactly what to expect from me — so you can hold any developer (including me) to it:

  • Never your password. I send a collaborator request from my Partner Dashboard; you approve it in Settings → Users.
  • Scope listed up front. The exact permissions I'll need are written on your proposal before you accept — no surprise scopes after the fact.
  • Work on a copy. Everything happens on a duplicated, unpublished theme. Your live store stays untouched, you preview and approve before anything publishes, and every change is recorded with how to undo it.
  • Just me. I work alone — no team, no subcontractors — so your access is never passed around.
  • Removed at the end. When the job closes, I remove my own access. It shouldn't linger, and it doesn't.

If you want the deeper version of the “work on a copy” promise, that's my safety protocol; the access mechanics live on how store access works.

How to revoke access when the work is done

This is the part that makes the whole arrangement low-risk: you hold the off switch, and it's instant. To remove a collaborator's access yourself, go to Settings → Users in your admin, open the collaborator, and remove them — one click, no explanation needed, and it doesn't affect your store. You can do this the moment a job is finished, or at any point during it if you change your mind.

A good developer removes their own access when they're done anyway, so it doesn't stay open after delivery — but the power is always yours, which is exactly how it should be.

Want a fix done safely, the way described here?

Describe the problem in plain English. You'll get a written proposal with the exact permissions I'll need listed up front, all work happens on a copy of your store, and you approve before anything goes live. No pressure — if it's not a fit, I'll tell you straight.

Start the chat See how store access works

Frequently asked questions

Do I have to give a developer my Shopify password?

No, and you shouldn’t — a good developer will never ask for it. Shopify has a proper way to do this: I send a collaborator request from my Partner Dashboard, you approve it in your admin under Settings then Users, and I get only the specific permissions the job needs. It doesn’t use one of your staff seats, and you can revoke it with one click anytime.

What’s the difference between a collaborator account and a staff account?

A collaborator account is requested by a Shopify Partner and approved by you; it doesn’t consume one of your paid staff seats and is meant for developers and agencies. A staff account is one of your own team seats. For outside developer work, scoped collaborator access is the safer, cleaner choice — and it’s the one I always use.

What permissions should I give a Shopify developer?

Only the ones the job actually needs. For most theme work that’s Themes; a checkout or shipping fix needs Settings; an app or tracking job may need Apps. On every Storemend job the exact permissions are listed on your written proposal before you approve anything, so there are no surprise scopes.

Can I take access away when the work is done?

Yes — you can revoke collaborator access from your admin at any time, instantly, without affecting your store. I also remove my own access when the job is finished, so it never lingers after delivery.

How do I know a developer won’t break my live store?

Insist that all work happens on a duplicated, unpublished copy of your theme — your live store stays untouched while the work is done, and you preview and approve before anything is published. That’s the safety protocol I run on every job, and every change is recorded with how to undo it.