---
title: Session Token
description: The API for interacting with session tokens.
api_version: 2025-10
api_name: customer-account-ui-extensions
source_url:
  html: >-
    https://shopify.dev/docs/api/customer-account-ui-extensions/latest/apis/session-token
  md: >-
    https://shopify.dev/docs/api/customer-account-ui-extensions/latest/apis/session-token.md
---

# Session Token

The API for interacting with session tokens.

## StandardApi

The base API object provided to this and other `customer-account` extension targets.

* sessionToken

  SessionToken

  required

  Provides access to session tokens, which can be used to verify token claims on your app's server.

  See [session token examples](https://shopify.dev/docs/api/customer-account-ui-extensions/apis/session-token#examples) for more information.

### SessionToken

* get

  Requests a session token that hasn't expired. You should call this method every time you need to make a request to your backend in order to get a valid token. This method will return cached tokens when possible, so you don’t need to worry about storing these tokens yourself.

  ```ts
  () => Promise<string>
  ```

```ts
export interface SessionToken {
  /**
   * Requests a session token that hasn't expired. You should call this method every
   * time you need to make a request to your backend in order to get a valid token.
   * This method will return cached tokens when possible, so you don’t need to worry
   * about storing these tokens yourself.
   */
  get(): Promise<string>;
}
```

### Examples

* #### Extension.jsx

  ##### Default

  ```jsx
  import '@shopify/ui-extensions/preact';
  import {render} from 'preact';
  import {useEffect} from 'preact/hooks';

  export default async () => {
    render(<Extension />, document.body);
  };

  function Extension() {
    useEffect(() => {
      async function queryApi() {
        // Request a new (or cached) session token from Shopify
        const token = await shopify.sessionToken.get();
        console.log('sessionToken.get()', token);

        const apiResponse = await fetchWithToken(
          token,
        );
        // Use your response
        console.log('API response', apiResponse);
      }

      // Send the token to your backend as a bearer credential
      function fetchWithToken(token) {
        const result = fetch(
          'https://myapp.com/api/session-token',
          {
            headers: {
              Authorization: `Bearer ${token}`,
            },
          },
        );
        return result;
      }

      queryApi();
    }, []);

    return (
      <s-banner>See console for API response</s-banner>
    );
  }
  ```

## Examples

### Examples

* #### Session token claims

  ##### Description

  The contents of the token are signed using your shared app secret. The optional `sub` claim contains the customer's `gid` if they are logged in and your app has permission to read customer accounts. For example, a loyalty app that needs to check a customer's point balance can use the `sub` claim to verify the customer's account.

  ##### Session token claims

  ```json
  {
    // Shopify URL
    "dest": "store-name.myshopify.com",
    // The Client ID of your app
    "aud": "",
    // When the token expires. Set at 5 minutes.
    "exp": 1679954053,
    // When the token was activated
    "nbf": 1679953753,
    // When the token was issued
    "iat": 1679953753,
    // A unique identifier (a nonce) to prevent replay attacks
    "jti": "6c992878-dbaf-48d1-bb9d-6d9b59814fd1",
    // Optional claim present when a customer is logged in and your app has permissions to read customer data
    "sub": "gid://shopify/Customer/"
  }
  ```
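
A server-side check of the claims listed above, as an added example that is not Shopify's code or part of the original page. It assumes the token is a compact JWT signed with HS256 using the shared app secret; `verifySessionToken`, `clientId`, `installedShops`, the demo secret and the demo customer ID are hypothetical or constructed names and values.

```javascript
// Added example (not Shopify's code): verify a session token on the app server.
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
const mac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

// Assumption: compact JWT (header.payload.signature) signed with HS256 using the app secret.
// `clientId` and `installedShops` are hypothetical names for values your app already stores.
function verifySessionToken(token, {secret, clientId, installedShops, now = Date.now() / 1000}) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;

  // Pin the algorithm; never let the token's header choose how it is verified.
  if (dec(h).alg !== 'HS256') throw new Error('unexpected alg');

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = mac(secret, `${h}.${p}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }

  // Only after the signature check are the claims worth inspecting.
  const claims = dec(p);
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('expired');
  if (typeof claims.nbf === 'number' && now < claims.nbf) throw new Error('not yet valid');
  if (claims.aud !== clientId) throw new Error('wrong audience');
  if (!installedShops.has(claims.dest)) throw new Error('unknown shop');
  return claims; // claims.sub is absent unless a customer is logged in
}

// Constructed demo data: made-up secret, client ID and customer ID; other values follow the page's sample.
const demo = {secret: 'demo-secret-not-real', clientId: 'demo-client-id',
  installedShops: new Set(['store-name.myshopify.com'])};
function signDemoToken(claims, secret = demo.secret, alg = 'HS256') {
  const body = `${enc({alg, typ: 'JWT'})}.${enc(claims)}`;
  return `${body}.${mac(secret, body).toString('base64url')}`;
}
const demoClaims = {dest: 'store-name.myshopify.com', aud: 'demo-client-id',
  exp: 1679954053, nbf: 1679953753, iat: 1679953753,
  jti: '6c992878-dbaf-48d1-bb9d-6d9b59814fd1', sub: 'gid://shopify/Customer/1'};
```

Because `get()` may return a cached token, the same `jti` can reach your backend more than once while the token is still valid, so any replay handling keyed on `jti` has to allow for that.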