Shopify partner identity verification went live on July 9, 2026 — partners can now verify their identity before requesting collaborator access to merchant stores, and Shopify says the check becomes mandatory for new collaborator requests in the coming weeks. For agencies, the operational detail that matters most is buried in the announcement: verification is per-user, not per-organization.
That one detail changes who has to act. It is not enough for the partner account owner to verify — every individual on your team who sends collaborator requests during client onboarding needs to complete their own government-ID-plus-selfie check before enforcement flips on. Wait until a request fails mid-handoff and you have a client-facing delay; verify the whole team now and the change is a non-event.
This guide covers how the verification flow works, a role-by-role readiness checklist for agency teams, the existing collaborator mechanics the new requirement stacks on top of, and the same-day app-pricing changes that affect agencies building their own Shopify apps. One sourcing note up front: as of publication this is a developer-changelog announcement — everything below comes from Shopify's own changelog and Help Center documentation plus its developer community forum, because trade press has not yet picked the story up.
- 01Verification is live now and mandatory soon.Shopify partner identity verification launched July 9, 2026 as optional. Shopify says it becomes mandatory before sending new collaborator requests 'in the coming weeks' — no fixed date has been announced as of July 10, 2026.
- 02Per-user, not per-organization.Every individual in a partner organization who sends collaborator requests must verify separately. The account owner verifying does not cover account managers or staff who handle client onboarding.
- 03Existing client access is untouched.Verification is not required to access stores where a merchant has already granted collaborator access. It gates new collaborator requests only — which is exactly where client onboarding lives.
- 04Government ID plus selfie, processed through Stripe.The flow requires a government-issued photo ID and a selfie or liveness check, handled through Stripe's verification infrastructure. Each person needs their ID and a camera-equipped device ready.
- 05The same day brought an app-pricing expansion.Public app plan limits doubled from 4 to 8 and private plans rose from 10 to 15, alongside no-charge plan testing and an App Events API that now accepts negative and fractional values.
01 — What ChangedWhat Shopify announced on July 9, and why.
The Shopify developer changelog entry is short, but the mechanics are specific. From July 9, 2026, Shopify Partners can complete identity verification before requesting collaborator access to a merchant's store. Verification is optional today. Once enforcement begins — Shopify's wording is “in the coming weeks”, with no fixed date given — unverified users will not be able to send new collaborator requests until they complete the check.
Shopify's stated rationale is to “help protect merchants, reduce abuse, and make it harder for bad actors to operate” while improving the experience for legitimate partners — a vendor-stated goal, but a plausible one given how much access a collaborator account can carry. The changelog frames collaborator access as “one of the clearest trust moments” between merchants and partners, which explains why enforcement starts here rather than at app installs or theme access.
Our read: this is the partner-ecosystem version of the know-your-customer tightening that has been working through platform after platform. Collaborator requests are the front door through which agencies, freelancers — and, inevitably, scammers impersonating agencies — reach merchant stores. Putting a government-ID gate on that door raises the cost of running fake-agency and store-takeover schemes without adding friction for merchants themselves. If the model works here, it would be surprising if verification stopped at collaborator requests.
"Identity verification is optional today, but we recommend completing it now to avoid interruption when it becomes mandatory in the coming weeks."— Shopify developer changelog, July 9, 2026
02 — The FlowHow the verification check actually works.
The verification flow requires two things from each person: a government-issued photo ID and a selfie or liveness check, processed through Stripe's identity-verification infrastructure according to the changelog. That means each team member needs their physical ID on hand and access to a device with a camera — worth saying out loud, because the person most likely to hit a wall is the account manager trying to verify from a desktop machine with no webcam ten minutes before a client call.
Three boundaries define who is affected and when:
- Per-user scope. Every individual user within a partner organization who sends collaborator requests must verify separately. Verification is per-person, not per-organization — one verified owner does not cover the team.
- New requests only. Verification is not required to access shops where a merchant has already granted collaborator access. Your existing client roster is unaffected; the gate sits in front of new requests going forward.
- Hard stop at enforcement. Once the requirement becomes mandatory, unverified users cannot send new collaborator requests until they complete verification. The changelog describes no grace-period workaround.
Partners who want to get ahead of it can complete verification today via the Request collaborations page in the Dev Dashboard. Shopify's own recommendation is to do exactly that — verify now, before the requirement flips, so there is no interruption when it does.
Government photo ID
Each person presents a government-issued photo ID. Have the physical document ready before starting the flow — this is the input the check is built around.
Selfie or liveness check
A selfie or liveness check matches the person to the document. Processed through Stripe's verification infrastructure, per the changelog — Shopify is not building this in-house.
Verified requester
Once verified, the user can keep sending new collaborator requests after enforcement begins. Unverified users hit a hard stop until they complete the check.
03 — Readiness ChecklistWho on your team needs to verify — role by role.
The changelog is written as a flat announcement to all partners. Agency teams are not flat: the person who owns the partner account, the account managers who send collaborator requests on onboarding calls, and the delivery staff who work inside stores that clients have already granted access to all sit in different positions relative to this requirement. The table below translates the announcement into that structure — it is our operational reading of the changelog and Help Center rules, not a Shopify-published matrix.
| Role | Must verify? | Have ready | Deadline pressure | Do this today |
|---|---|---|---|---|
| Partner account owner | Yes, if they send collaborator requests | Govt photo ID + camera device | High — mandatory in the coming weeks | Verify via Request collaborations in the Dev Dashboard |
| Account managers who send collaborator requests | Yes — verification is per-user | Govt photo ID + selfie / liveness check | High — a failed request lands mid-onboarding | Schedule each person's verification this week |
| Delivery staff in already-granted stores | Not to keep existing access | Nothing yet | Low today — rises the day they onboard a new client | Verify anyway ahead of the next new-client handoff |
| New hires and future team members | Yes, before their first collaborator request | Govt photo ID + camera device | Built-in once enforcement begins | Add verification to your onboarding SOP |
The row that catches most agencies out is the second one. In many shops, collaborator requests are sent by whoever is on the onboarding call — which means the set of people who need verification is wider than “the owner” and fuzzier than any org chart. The cleanest fix is procedural: decide which named individuals send collaborator requests, verify exactly those people now, and route all requests through them. If you run Shopify builds for clients, this is the same discipline we apply in our ecommerce engagements — access paths documented per client, not improvised per project.
04 — Existing MechanicsThe collaborator rules this stacks on top of.
Identity verification does not arrive in a vacuum — it is a new layer on top of collaborator-request mechanics agencies already juggle, all documented in the Shopify Help Center. Three of them interact directly with how you should sequence verification and onboarding.
Max pending collaborator requests
A partner can have at most 10 collaborator requests open at any one time. High-volume onboarding pipelines already manage this queue — an unverified requester who suddenly cannot send new requests makes it worse at the worst moment.
Rolling access window
Collaborator access expires if the partner does not log into the store within a rolling 90-day window. Dormant client accounts already need re-granting — track this alongside verification status, not separately.
Collaborator request code
Merchants can require a 4-digit collaborator request code before any request reaches them. That pre-existing merchant-side control now stacks with partner-side identity verification — two locks on the same door.
Put together, the post-enforcement onboarding sequence for a new client looks like this: a verified team member sends the request, using one of at most 10 pending slots, supplying the client's request code if the merchant requires one — and then keeps logging in at least once every 90 days to hold the access. None of the last three rules is new. What is new is that the first step can hard-fail for any individual who skipped a five-minute ID check, and collaborator accounts remain the right vehicle for agency access: they are scoped to only the store sections the merchant grants and do not count against the store's staff-account limit.
05 — Common ConfusionThis is not the merchant identity check.
Shopify already had an identity-verification flow before July 9 — the merchant-facing one tied to Shopify Payments setup and account-recovery scenarios, documented separately in the Help Center. The new partner requirement is a different system serving a different purpose, and the two are easy to conflate because both happen to use a government ID plus a selfie or liveness check.
Why this matters practically: when a client asks “we already did identity verification for Shopify Payments — does that cover you?” the answer is no. Merchant verification covers the merchant's own account and payments eligibility; partner verification covers the individual partner user sending collaborator requests. Neither substitutes for the other, and agencies fielding client questions about the change should be ready to draw that line clearly.
06 — Same-Day ChangesThe app-pricing expansion that shipped the same day.
July 9 was a two-announcement day. Alongside identity verification, Shopify published an App Pricing update that matters to any agency building its own Shopify apps: public app plan limits doubled from 4 to 8, private plan limits rose from 10 to 15, and two quieter changes landed for billing testing and usage-based pricing.
App pricing plan limits · before vs after the July 9 update
Source: Shopify developer changelog, July 9, 2026The two quieter changes are arguably the bigger workflow wins for app builders:
- No-charge plan testing. App reviewers can now select any of a developer's existing plans during app review, removing the old need to build a dedicated throwaway test plan. Developers can also mark a plan as free so other partners can install and subscribe at no cost inside development stores — a real end-to-end billing-flow test without real charges.
- Negative and fractional App Events. The App Events API previously accepted only positive whole numbers. It now accepts negative values, so usage-based apps can credit or adjust previously reported usage, and fractional values such as 1.5 — which makes metered pricing models far less awkward to implement honestly.
For agencies that productize services as Shopify apps, doubling the public plan ceiling is a pricing-architecture unlock: eight plans is enough to run good-better-best tiers alongside annual variants without collapsing segments into one compromise plan. It's the kind of change worth revisiting your app's packaging over — something we regularly do inside web and app development engagements when platform limits move.
07 — Field ReportsDay-one wrinkles from the developer community.
The vendor changelog is one data source; the Shopify developer community thread on the pricing update is another, and it surfaced real friction within the first day. At least one developer reported the free-testing flow not working as documented — still being charged after marking a plan free and reinstalling via the Dev Dashboard. If you are testing the new billing flow this week, budget time for exactly this kind of rough edge.
A Shopify App Pricing team staffer responded in the same thread with a useful clarification: the $0 price surfaces only on the app's plan-selection page inside development stores, not on the public App Store listing — so a free test plan will not leak onto your public pricing display. The staffer also logged the thread's other feature requests, including prepaid credit-pack billing, custom usage-event ordering, and per-event descriptions, as potential future work. None of those are commitments, but they sketch where Shopify's billing surface may head next.
Looking forward, the pattern across both announcements reads consistently: Shopify is investing in the partner ecosystem's plumbing — trust infrastructure on one side, billing flexibility on the other. Our expectation, clearly labelled as projection rather than announcement: identity verification is likely to extend to more partner surfaces over time, and agencies that fold ID verification into their standard onboarding SOP now will treat each extension as routine rather than as a fire drill. Agencies already tracking platform shifts like Shopify's Spring 2026 developer edition changes will recognize the cadence.
08 — Action PlanWhat to do this week, by agency situation.
The right move depends on how your agency touches Shopify. Four common situations, four plays:
You send collaborator requests weekly
Highest exposure. List every person who sends requests, verify all of them via the Request collaborations page now, and route future requests only through verified users. A failed request mid-handoff is a client-visible miss.
Mostly working in already-granted stores
Existing access is unaffected, so nothing breaks today. But the 90-day rolling expiry means access lapses happen — and re-requesting access after enforcement requires a verified user. Verify before you need it.
You ship your own Shopify apps
Revisit pricing architecture against the new 8-public / 15-private plan ceilings, test the no-charge flow knowing day-one bugs were reported, and evaluate negative and fractional App Events for cleaner usage-based billing.
Shopify is one channel among several
Treat this as the template for platform trust-tightening generally. Centralize which named individuals hold platform access across channels — the agencies handling this well run one access SOP, not one per platform.
Whichever row you sit in, the cost side of this is small — a government ID and a selfie per person — and the failure mode is asymmetric: a blocked collaborator request stalls a client onboarding at its most trust-sensitive moment. Teams already operating on the Shopify Plus AI commerce stack or running ongoing Shopify SEO work for clients should fold verification status into whatever access checklist they already maintain per client.
09 — ConclusionA five-minute check, a client-facing failure mode.
Verify every requester now — before enforcement picks the date for you.
Shopify partner identity verification is live as of July 9, 2026, optional today, and mandatory for new collaborator requests “in the coming weeks” — with no fixed date announced. The requirement is per-user, existing client access is untouched, and the check itself is a government photo ID plus a selfie or liveness step processed through Stripe.
The agency translation is short: identify every person who sends collaborator requests, have each of them verify via the Request collaborations page in the Dev Dashboard this week, and add the step to your onboarding SOP for future hires. Layer it onto the mechanics you already manage — the 10-pending-request cap, the 90-day rolling access expiry, merchant request codes — and the change costs you a few minutes per person.
The larger signal is worth registering too. Trust infrastructure on the access side and billing flexibility on the app side, shipped the same day, point at a partner ecosystem Shopify intends to keep professionalizing. Agencies that treat identity, access, and billing hygiene as operational disciplines — rather than as per-incident scrambles — are the ones platform tightening never surprises.