Customer

Indicates whether the customer has consented to be sent marketing material via email.

A list of addresses for the customer.

The URL of the customer's avatar image.

The date and time when the customer was created.

The customer’s default address.

The customer’s name, email or phone number.

The customer’s email address.

The customer’s first name.

A unique ID for the customer.

The customer’s last name.

A custom field, including its namespace and key, that's associated with a Shopify resource for the purposes of adding and storing additional information.

A list of custom fields that a merchant associates with a Shopify resource.

The number of orders that the customer has made at the store in their lifetime.

The orders associated with the customer.

The customer’s phone number.

The social login provider associated with the customer.

A comma separated list of tags that have been added to the customer. Additional access scope required: unauthenticated_read_customer_tags.

The date and time when the customer information was updated.

Retrieves the Customer associated with the provided access token. Use the customerAccessTokenCreate mutation to obtain an access token using legacy customer account authentication (email and password).

The returned customer includes data such as contact information, addresses, orders, and custom data associated with the customer.

Activates a customer account using an activation token received from the customerCreate mutation. The customer sets their password during activation and receives a CustomerAccessToken for authenticated access.

For a simpler approach that doesn't require parsing the activation URL, use customerActivateByUrl instead.

Caution: This mutation handles customer credentials. Always use HTTPS and never log or expose the password or access token.

Activates a customer account using the full activation URL from the customerCreate mutation. This approach simplifies activation by accepting the complete URL directly, eliminating the need to parse it for the customer ID and activation token. Returns a CustomerAccessToken for authenticating subsequent requests.

Caution: Store the returned access token securely. It grants access to the customer's account data.

Creates a new Customer account with the provided contact information and login credentials. The customer can then sign in for things such as accessing their account, viewing order history, and managing saved addresses.

Caution: This mutation creates customer credentials. Ensure passwords are collected securely and never logged or exposed in client-side code.

Updates the default address of an existing Customer. Requires a customer access token to identify the customer and an address ID to specify which address to set as the new default.

Resets a customer's password using the reset token from a password recovery email. On success, returns the updated Customer and a new CustomerAccessToken for immediate authentication.

Use the customerRecover mutation to send the password recovery email that provides the reset token. Alternatively, use customerResetByUrl if you have the full reset URL instead of the customer ID and token.

Caution: This mutation handles sensitive customer credentials. Validate password requirements on the client before submission.

Resets a customer's password using the reset URL from a password recovery email. The reset URL is generated by the customerRecover mutation.

On success, returns the updated Customer and a new CustomerAccessToken for immediate authentication.

Caution: This mutation handles customer credentials. Ensure the new password is transmitted securely and never logged or exposed in client-side code.

Updates a customer's personal information such as name, password, and marketing preferences. Requires a valid CustomerAccessToken to authenticate the customer making the update.

If the customer's password is updated, then all previous access tokens become invalid. The mutation returns a new access token in the payload to maintain the customer's session.

Caution: Password changes invalidate all existing access tokens. Ensure your app handles the new token returned in the response to avoid logging the customer out.