Klaviyo: 'Your Shopify credentials have expired' — fix

---

title: "Klaviyo: 'Your Shopify credentials have expired' — fix" description: "Resolve the expired-Shopify-token error in Klaviyo — OAuth refresh, scope changes, app uninstall race conditions, and how to prevent silent recurrence." slug: "klaviyo-token-expired-shopify" publishedAt: "2026-05-19" updatedAt: "2026-05-19" painCluster: 4 intent: 9 tier: 4 faq:

• q: "What does 'Your Shopify credentials have expired' mean in Klaviyo?" a: "It means the OAuth token Klaviyo uses to query Shopify has expired or been invalidated. Klaviyo can't pull new order data, sync products, or receive webhook events until the token is refreshed. Existing data in Klaviyo is still there; future syncing is paused."
• q: "How do I fix the expired-credentials error?" a: "Settings → Integrations → Shopify → click Reconnect. Klaviyo will redirect to Shopify, you'll re-authorize, and the new token is in place within minutes. The fix itself is fast; the cost is the gap between when the token expired and when you noticed."
• q: "Why did the token expire silently?" a: "OAuth tokens can be invalidated for several reasons. The Klaviyo app was uninstalled from Shopify and reinstalled (creates a new token). Shopify's scope requirements changed and the existing token doesn't cover the new scope. The store's plan tier changed in a way that affects scope. The Shopify admin user who originally authorized the integration left the account."
• q: "Did I lose data while the token was expired?" a: "Some, depending on how long. Real-time webhook events (Placed Order, etc.) that fired during the expired window are not retroactively delivered when you reconnect. Profile and order data created during the gap will sync forward, but historical event data from the gap is partial. For a multi-day expiration, expect attribution issues for that period."
• q: "How quickly does Klaviyo notify me when the token expires?" a: "Klaviyo shows the error in the Integrations page when you visit it. There is no proactive notification — no email, no in-app alert, no dashboard banner. You find out when you happen to check the integration page or when downstream symptoms (broken abandoned cart, missing revenue) prompt investigation. The lead time gap is the entire problem."
• q: "Can I prevent the token from expiring?" a: "Not entirely — token expiration is a Shopify-side behavior tied to admin user lifecycle and scope changes. What you can do is monitor the integration's health proactively so the moment a token expires, you know. The fix takes minutes; the detection lead time is what matters."
• q: "Does the expired token affect all my Klaviyo flows?" a: "Any flow that depends on Shopify-sourced events (abandoned cart triggered by Started Checkout, post-purchase triggered by Placed Order, browse abandonment triggered by Viewed Product) will lose its trigger event stream during the expired window. The flow itself looks healthy in the UI but receives zero new entries."
• q: "Will Playbook detect a Shopify token expiration?" a: "Yes — within an hour. This is one of our highest-confidence detection signals because the symptom is unambiguous (Klaviyo's integration status reports the expired state). We surface the finding immediately with a deep link to the Klaviyo integrations page where you reconnect." related:
• klaviyo-shopify-integration-not-syncing
• klaviyo-checkout-started-event-not-working
• klaviyo-abandoned-cart-flow-not-firing
• klaviyo-flow-stopped-generating-revenue

---

The "Your Shopify credentials have expired, please re-authenticate" error is one of the most consequential silent failures in Klaviyo. The error itself is benign — re-authentication takes about 90 seconds. The cost is everything downstream: every flow that depends on Shopify events stops receiving triggers, every webhook-driven sync pauses, and the longer the token stays expired, the more data you'll never recover.

This page covers what the error means, why it happens, how to fix it, and how to prevent the next silent recurrence.

Quick fix in 90 seconds

If you're seeing the error right now:

1. Klaviyo → Settings → Integrations → Shopify.
2. Click Reconnect (button is typically prominent at the top of the integration page when a token is expired).
3. Authorize in the Shopify OAuth flow that opens. Confirm the scopes are what you expect.
4. Verify the integration shows as connected after redirect back to Klaviyo.
5. Check that webhook events are flowing. Analytics → Metrics → Placed Order. Events should land within a few minutes of new orders.

That's the fix. The rest of this page is about understanding why it happened and how to prevent the next one.

Why OAuth tokens expire

A Shopify OAuth token is a credential that authorizes Klaviyo to act on behalf of a Shopify admin user. Tokens can be invalidated for several reasons, most of them silent.

App reinstall. If the Klaviyo app was uninstalled from Shopify (by you, by a contractor, by anyone with Shopify admin access) and reinstalled, the old token is invalidated. Reinstall creates a new token, and Klaviyo needs to be re-authorized to use it.

Scope change. Klaviyo periodically updates the scopes it requests (which API permissions it wants from Shopify). When scope changes, the existing token may not cover the new scope, and Shopify treats this as an authorization failure. You'll need to re-authorize to grant the new scope.

Admin user departure. The Shopify admin user who originally authorized the Klaviyo connection can have their access revoked or leave the organization. If their account is deleted, the token authorized under their account stops working.

Shopify plan change. Some Shopify scope changes are tied to plan tier — upgrading from Shopify to Shopify Plus, or downgrading, can invalidate scopes that were previously granted.

Security event. If Shopify's security systems flag suspicious activity on the account, all OAuth tokens may be invalidated as a precaution. This is rare but happens.

Manual revocation. A Shopify admin can revoke any app's access via Shopify Settings → Apps → app permissions. Intentional revocation invalidates the token immediately.

None of these events produce a notification to the Klaviyo user. Shopify and Klaviyo are separate platforms; Shopify-side events don't push notifications to Klaviyo UI. The user finds out by checking the Klaviyo Integrations page or by symptom (broken flow, missing data).

What stops working when the token is expired

A lot. The Shopify integration is the source of most ecommerce data in Klaviyo, so a broken token degrades everything that depends on it.

Webhook events stop flowing. Placed Order, Checkout Started, Refunded Order, Fulfilled Order — all Shopify webhooks land in Klaviyo via the OAuth-authorized webhook endpoints. Expired token means events stop landing.

Catalog sync pauses. Product information, including new products, price changes, and availability, doesn't sync. If your flows reference product properties or your campaigns include dynamic product blocks, the data backing them goes stale.

Customer data sync pauses. New customers created in Shopify don't sync to Klaviyo until reconnection. Customer property updates also pause.

Onsite tracking continues (technically). The Klaviyo.js snippet on your storefront isn't dependent on the OAuth token — it pushes events directly to Klaviyo's API using a public key. So Viewed Product and similar client-side events keep flowing during a token expiration. This is a partial saving grace, but most ecommerce flows depend on server-side events (Started Checkout, Placed Order) that are gated by the token.

Flows still show as Live. This is the trap. The Klaviyo UI shows every flow as Live regardless of whether its trigger events are landing. From the dashboard, nothing looks wrong.

The hidden cost: data you don't get back

Webhook events that fire during the expired window are not retroactively delivered when you reconnect. This is critical and often underappreciated.

Imagine the token expires Monday morning. Klaviyo doesn't receive any new Placed Order, Started Checkout, or Refunded Order events from Monday morning through Thursday afternoon (when you finally notice and reconnect). Thursday afternoon, reconnection succeeds and new events start landing immediately.

The events from Monday-Thursday are gone. Klaviyo doesn't know those orders happened in the way it would have known if the integration had been live. Some data syncs forward via other paths (customer profiles get reconciled, order history can be backfilled in some cases), but the per-event signal that drives flow triggers is permanently missing.

Practical implications:

• Abandoned cart flow didn't fire for Mon-Thu Started Checkout events. Customers who abandoned during that window never received recovery emails.
• Post-purchase flow didn't fire for Mon-Thu Placed Order events. Customers who purchased during that window never received their post-purchase sequence.
• Revenue attribution for the window is incomplete. Campaigns that drove conversions during the window may not be properly credited.
• Replenishment timer logic is off for that window's orders. The flow may fire at the wrong time or not at all.

The fix is to reconnect the integration, but the recovery work for the gap is real and partial.

How to prevent silent recurrence

There's no way to prevent token expiration entirely — many of the underlying causes (Shopify-side admin changes, scope updates, security events) aren't visible from your side until the token has already expired. What you can do is collapse the detection lead time so the gap is hours, not days.

Option 1: Manual periodic checks. Visit Klaviyo's Integrations page weekly. Confirm the Shopify integration shows healthy. Low cost, high latency — typical lead time 3-7 days. Better than nothing.

Option 2: Internal monitoring script. Build a script that hits Klaviyo's API periodically and checks integration health. Engineering work to build, ongoing maintenance, but eliminates the human checking. Lead time of an hour or less.

Option 3: Continuous monitoring service. Use a third-party monitoring layer that handles the integration-health check among other signals. Playbook does this — hourly scans, immediate finding when integration health flips to error, deep link to the reconnect page.

A complementary practice regardless of detection method. Document, in writing, who authorized the original Klaviyo integration. If that person leaves the organization, treat re-authorization as part of their offboarding checklist. This eliminates one of the more painful failure modes — the one where the integration breaks months after the original authorizer left because their Shopify access was revoked at the offboarding.

What to do right now

Three actions worth taking today, regardless of whether you're currently hitting the error.

1. Verify the integration is healthy. Settings → Integrations → Shopify. Confirm connected status. Confirm recent events are landing (Analytics → Metrics → Placed Order, last event within expected freshness).

2. Note who authorized it. Document the Shopify admin user account that owns the OAuth authorization. Add a note in your team's documentation. This matters for offboarding scenarios.

3. Set up a check pattern. Either calendar reminders to check weekly, an internal API monitoring script, or a continuous monitoring service. Pick one — the manual check is fine if your operation is small.

The total cost of a silent token expiration scales with your transaction volume and the duration of the gap. A high-volume store with a 4-day expiration can lose tens of thousands of dollars in unrecovered cart-abandonment revenue, missed post-purchase touchpoints, and broken attribution. The fix is 90 seconds; the lead time is the cost.

Catching this within an hour of when it happens is one of the highest-leverage monitoring signals in the entire Klaviyo stack. Detection is the hard part; remediation is trivial.