--- title: CustomerAccessToken - Storefront API description: A CustomerAccessToken represents the unique token required to make modifications to the customer object. api_version: 2025-10 api_name: storefront type: object api_type: graphql source_url: html: https://shopify.dev/docs/api/storefront/latest/objects/CustomerAccessToken md: https://shopify.dev/docs/api/storefront/latest/objects/CustomerAccessToken.md --- # Customer​Access​Token object Requires `unauthenticated_read_customers` access scope. A CustomerAccessToken represents the unique token required to make modifications to the customer object. ## Fields * access​Token [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) non-null The customer’s access token. * expires​At [Date​Time!](https://shopify.dev/docs/api/storefront/latest/scalars/DateTime) non-null The date and time when the customer access token expires. *** ## Map No referencing types *** ## Mutations * [customer​Access​Token​Create](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenCreate) mutation Creates a customer access token. The customer access token is required to modify the customer object in any way. * [customer​Access​Token​Create​With​Multipass](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenCreateWithMultipass) mutation Creates a customer access token using a [multipass token](https://shopify.dev/api/multipass) instead of email and password. A customer record is created if the customer doesn't exist. If a customer record already exists but the record is disabled, then the customer record is enabled. * [customer​Access​Token​Renew](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenRenew) mutation Renews a customer access token. Access token renewal must happen *before* a token expires. If a token has already expired, a new one should be created instead via `customerAccessTokenCreate`. * [customer​Activate](https://shopify.dev/docs/api/storefront/latest/mutations/customerActivate) mutation Activates a customer. * [customer​Activate​By​Url](https://shopify.dev/docs/api/storefront/latest/mutations/customerActivateByUrl) mutation Activates a customer with the activation url received from `customerCreate`. * [customer​Reset](https://shopify.dev/docs/api/storefront/latest/mutations/customerReset) mutation "Resets a customer’s password with the token received from a reset password email. You can send a reset password email with the [`customerRecover`](https://shopify.dev/api/storefront/latest/mutations/customerRecover) mutation." * [customer​Reset​By​Url](https://shopify.dev/docs/api/storefront/latest/mutations/customerResetByUrl) mutation "Resets a customer’s password with the reset password URL received from a reset password email. You can send a reset password email with the [`customerRecover`](https://shopify.dev/api/storefront/latest/mutations/customerRecover) mutation." * [customer​Update](https://shopify.dev/docs/api/storefront/latest/mutations/customerUpdate) mutation Updates an existing customer. *** ## <\~> CustomerAccessToken Mutations ### Mutated by * <\~>[customer​Access​Token​Create](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenCreate) * <\~>[customer​Access​Token​Create​With​Multipass](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenCreateWithMultipass) * <\~>[customer​Access​Token​Renew](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenRenew) * <\~>[customer​Activate](https://shopify.dev/docs/api/storefront/latest/mutations/customerActivate) * <\~>[customer​Activate​By​Url](https://shopify.dev/docs/api/storefront/latest/mutations/customerActivateByUrl) * <\~>[customer​Reset](https://shopify.dev/docs/api/storefront/latest/mutations/customerReset) * <\~>[customer​Reset​By​Url](https://shopify.dev/docs/api/storefront/latest/mutations/customerResetByUrl) * <\~>[customer​Update](https://shopify.dev/docs/api/storefront/latest/mutations/customerUpdate)