Updating customers

This guide covers creating and updating customers using the Storefront API. You'll learn how to create a customer, generate access tokens, and do a few common tasks such as associating an address with a customer and recovering a customer's password.

Prerequisites

The guide assumes you're authenticated with the Storefront API, and that you've obtained your storefront access token.

Creating the customer

You can create a customer using the customerCreate mutation. You can use this mutation to create a sign-up form on your custom storefront that will provide the customer with an account on your Shopify store.

mutation customerCreate($input: CustomerCreateInput!) {
  customerCreate(input: $input) {
    userErrors {
      field
      message
    }
    customer {
      id
    }
  }
}

GraphQL query variables:

{
  "input": {
    "email": "user@example.com",
    "password": "HiZqFuDvDdQ7"
  }
}

If the query is successful, the customer is created and the customer id is returned. An email is sent to the customer with the information that the account has been activated.

{
  "data": {
    "customerCreate": {
      "userErrors": [],
      "customer": {
        "id": "Z2lkOi8vc2hvcGlmeS9DdXN0b21lci8xNzk4OTQ5MTA5ODI="
      }
    }
  }
}

Activating the customer

You might want to send an activation email to an existing customer that doesn't already have an account. In this scenario, an email that includes an activation link is sent to the customer. The account activate URL directs the customer to Shopify where they can activate the account.

If you're using iOS universal links, the Shopify account activate URL will redirect to your native app. In this case, you can use the customerActivate mutation to send the customer's password and activationToken to Shopify. The activationToken is included in the account activate URL.

The following mutation takes the activationTokenfrom the Shopify account activation URL and sends it to Shopify along with the customer's password.

mutation customerActivate($id: ID!, $input: CustomerActivateInput!) {
  customerActivate(id: $id, input: $input) {
    userErrors {
      field
      message
    }
    customer {
      id
    }
  }
}

GraphQL variables:


{
  "id": "Z2lkOi8vU2hvcGlmeS9FeGFtcGxlLzE=",
  "input": {
    "activationToken": "ae0f1d2e179c9571122a0595a6ac8125",
    "password": "HiZqFuDvDdQ7"
  }
}

Creating an access token

After the customer account is created on your store, the customer can log in to their account. Login operations use the customerAccessTokenCreate mutation to exchange the customer's credentials for an access token. You'll also need the access token to do other customer actions, such as associating an address or querying for customer data.

The following mutation creates the access token:

mutation customerAccessTokenCreate($input: CustomerAccessTokenCreateInput!) {
  customerAccessTokenCreate(input: $input) {
    userErrors {
      field
      message
    }
    customerAccessToken {
      accessToken
      expiresAt
    }
  }
}

GraphQL variables:

{
  "input": {
    "email": "user@example.com",
    "password": "HiZqFuDvDdQ7"
  }
}

A successful query returns the customer access token. Access tokens expire according to the included expiresAt field.

{
  "data": {
    "customerAccessTokenCreate": {
      "userErrors": [],
      "customerAccessToken": {
        "accessToken": "5df718033d4765153f76470badab4c7c",
        "expiresAt": "2018-02-27T20:23:18Z"
      }
    }
  }
}

Updating the address

After you've obtained the access token, you can use it to associate or update an address for the customer.


mutation customerAddressCreate($customerAccessToken: String!, $address: MailingAddressInput!) {
  customerAddressCreate(customerAccessToken: $customerAccessToken, address: $address) {
    userErrors {
      field
      message
    }
    customerAddress {
      id
    }
  }
}

GraphQL variables:

{
  "customerAccessToken": "e40e9017997a60ed8a6d7bf1f441d743",
  "address": {
    "lastName": "Doe",
    "firstName": "John",
    "address1": "123 Test Street",
    "province": "QC",
    "country": "Canada",
    "zip": "H3K0X2",
    "city": "Montreal"
  }
}

In response, the API returns the ID of the customerAddress. You can use this ID to update the customer's default address by using the customerAddressUpdate mutation.


{
  "data": {
    "customerAddressCreate": {
      "userErrors": [],
      "customerAddress": {
        "id": "Z2lkOi8vc2hvcGlmeS9NYWlsaW5nQWRkcmVzcy8yMTg3MDUxOTkxMTA/bW9kZWxfbmFtZT1DdXN0b21lckFkZHJlc3MmY3VzdG9tZXJfYWNjZXNzX3Rva2VuPWU0MGU5MDE3OTk3YTYwZWQ4YTZkN2JmMWY0NDFkNzQz"
      }
    }
  }
}

Recovering and resetting passwords

You can use the customerRecover mutation to implement a password recovery flow on your custom storefront. The mutation requires the customer's email address and is used to send an email with a link to reset the password.

The following mutation recovers the customer's password:


mutation customerRecover($email: String!) {
  customerRecover(email: $email) {
    userErrors {
      field
      message
    }
  }
}

GraphQL variables:

{
  "email": "user@example.com"
}

In response to a successful mutation, an email is sent with a reset password link. Clicking the link directs the customer to the Shopify account reset URL.

Using the customerReset mutation

If you are using iOS universal links, the Shopify account reset URL will redirect to your native app. In this case, you can use the customerReset mutation to send the customer's new password and resetToken to Shopify. The resetToken is included in the account reset redirect URL.

The following mutation takes the resetTokenfrom the Shopify account reset URL and sends it to Shopify along with the customer's new password.

mutation customerReset($id: ID!, $input: CustomerResetInput!) {
  customerReset(id: $id, input: $input) {
    userErrors {
      field
      message
    }
    customer {
      id
    }
  }
}


GraphQL variables:

{
  "id": "Z2lkOi8vU2hvcGlmeS9FeGFtcGxlLzE=",
  "input": {
    "resetToken": "ae0f1d2e179c9571122a0595a6ac8125",
    "password": "HiZqFuDvDdQ7"
  }
}

A successful mutation returns the customer ID for the password that was reset.

{
  "data": {
    "customerReset": {
      "userErrors": [],
      "customer": {
        "id": "Z2lkOi8vc2hvcGlmeS9DdXN0b21lci8xNzk4OTQ5MTA5ODI="
      }
    }
  }
}