--- title: UserError - Storefront API description: Represents an error in the input of a mutation. api_version: 2026-01 api_name: storefront type: object api_type: graphql source_url: html: 'https://shopify.dev/docs/api/storefront/latest/objects/UserError' md: 'https://shopify.dev/docs/api/storefront/latest/objects/UserError.md' --- # User​Error object Represents an error in the input of a mutation. ## Fields * field [\[String!\]](https://shopify.dev/docs/api/storefront/latest/scalars/String) The path to the input field that caused the error. * message [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) non-null The error message. *** ## Map No referencing types *** ## Mutations * [customer​Access​Token​Create](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenCreate) mutation For legacy customer accounts only. Creates a [`CustomerAccessToken`](https://shopify.dev/docs/api/storefront/2026-01/objects/CustomerAccessToken) using the customer's email and password. The access token is required to read or modify the [`Customer`](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer) object, such as updating account information or managing addresses. The token has an expiration time. Use [`customerAccessTokenRenew`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerAccessTokenRenew) to extend the token before it expires, or create a new token if it's already expired. *** **Caution:** This mutation handles customer credentials. Always transmit requests over HTTPS and never log or expose the password. *** * input [Customer​Access​Token​Create​Input!](https://shopify.dev/docs/api/storefront/latest/input-objects/CustomerAccessTokenCreateInput) required ### Arguments The fields used to create a customer access token. *** * [customer​Access​Token​Delete](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenDelete) mutation Permanently destroys a [`CustomerAccessToken`](https://shopify.dev/docs/api/storefront/2026-01/objects/CustomerAccessToken). Use this mutation when a customer explicitly signs out or when you need to revoke the token. Use [`customerAccessTokenCreate`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerAccessTokenCreate) to generate a new token with the customer's credentials. *** **Caution:** This action is irreversible. The customer needs to sign in again to obtain a new access token. *** * customer​Access​Token [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required ### Arguments The access token used to identify the customer. *** * [customer​Access​Token​Renew](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenRenew) mutation Extends the validity of a [`CustomerAccessToken`](https://shopify.dev/docs/api/storefront/2026-01/objects/CustomerAccessToken) before it expires. The renewed token maintains authenticated access to customer operations. Renewal must happen before the token's [`expiresAt`](https://shopify.dev/docs/api/storefront/2026-01/objects/CustomerAccessToken#field-CustomerAccessToken.fields.expiresAt) time. If a token has already expired, then use [`customerAccessTokenCreate`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerAccessTokenCreate) to generate a new token with the customer's credentials. *** **Caution:** Store access tokens securely. Never store tokens in plain text or insecure locations, and avoid exposing them in URLs or logs. *** * customer​Access​Token [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required ### Arguments The access token used to identify the customer. *** * [customer​Activate](https://shopify.dev/docs/api/storefront/latest/mutations/customerActivate) mutation Activates a customer account using an activation token received from the [`customerCreate`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerCreate) mutation. The customer sets their password during activation and receives a [`CustomerAccessToken`](https://shopify.dev/docs/api/storefront/2026-01/objects/CustomerAccessToken) for authenticated access. For a simpler approach that doesn't require parsing the activation URL, use [`customerActivateByUrl`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerActivateByUrl) instead. *** **Caution:** This mutation handles customer credentials. Always use HTTPS and never log or expose the password or access token. *** * id [ID!](https://shopify.dev/docs/api/storefront/latest/scalars/ID) required ### Arguments Specifies the customer to activate. * input [Customer​Activate​Input!](https://shopify.dev/docs/api/storefront/latest/input-objects/CustomerActivateInput) required The fields used to activate a customer. *** * [customer​Address​Create](https://shopify.dev/docs/api/storefront/latest/mutations/customerAddressCreate) mutation Creates a new [`MailingAddress`](https://shopify.dev/docs/api/storefront/2026-01/objects/MailingAddress) for a [`Customer`](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer). Use the customer's [access token](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerAddressCreate#arguments-customerAccessToken) to identify them. Successful creation returns the new address. Each customer can have multiple addresses. * customer​Access​Token [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required ### Arguments The access token used to identify the customer. * address [Mailing​Address​Input!](https://shopify.dev/docs/api/storefront/latest/input-objects/MailingAddressInput) required The customer mailing address to create. *** * [customer​Address​Delete](https://shopify.dev/docs/api/storefront/latest/mutations/customerAddressDelete) mutation Permanently deletes a specific [`MailingAddress`](https://shopify.dev/docs/api/storefront/2026-01/objects/MailingAddress) for a [`Customer`](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer). Requires a valid [customer access token](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerAddressDelete#arguments-customerAccessToken) to authenticate the request. *** **Caution:** This action is irreversible. You can\'t recover the deleted address. *** * id [ID!](https://shopify.dev/docs/api/storefront/latest/scalars/ID) required ### Arguments Specifies the address to delete. * customer​Access​Token [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required The access token used to identify the customer. *** * [customer​Address​Update](https://shopify.dev/docs/api/storefront/latest/mutations/customerAddressUpdate) mutation Updates an existing [`MailingAddress`](https://shopify.dev/docs/api/storefront/2026-01/objects/MailingAddress) for a [`Customer`](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer). Requires a [customer access token](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerAddressUpdate#arguments-customerAccessToken) to identify the customer, an ID to specify which address to modify, and an [`address`](https://shopify.dev/docs/api/storefront/2026-01/input-objects/MailingAddressInput) with the updated fields. Successful update returns the updated [`MailingAddress`](https://shopify.dev/docs/api/storefront/2026-01/objects/MailingAddress). * customer​Access​Token [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required ### Arguments The access token used to identify the customer. * id [ID!](https://shopify.dev/docs/api/storefront/latest/scalars/ID) required Specifies the customer address to update. * address [Mailing​Address​Input!](https://shopify.dev/docs/api/storefront/latest/input-objects/MailingAddressInput) required The customer’s mailing address. *** * [customer​Create](https://shopify.dev/docs/api/storefront/latest/mutations/customerCreate) mutation Creates a new [`Customer`](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer) account with the provided contact information and login credentials. The customer can then sign in for things such as accessing their account, viewing order history, and managing saved addresses. *** **Caution:** This mutation creates customer credentials. Ensure passwords are collected securely and never logged or exposed in client-side code. *** * input [Customer​Create​Input!](https://shopify.dev/docs/api/storefront/latest/input-objects/CustomerCreateInput) required ### Arguments The fields used to create a new customer. *** * [customer​Default​Address​Update](https://shopify.dev/docs/api/storefront/latest/mutations/customerDefaultAddressUpdate) mutation Updates the default address of an existing [`Customer`](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer). Requires a [customer access token](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerDefaultAddressUpdate#arguments-customerAccessToken) to identify the customer and an address ID to specify which address to set as the new default. * customer​Access​Token [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required ### Arguments The access token used to identify the customer. * address​Id [ID!](https://shopify.dev/docs/api/storefront/latest/scalars/ID) required ID of the address to set as the new default for the customer. *** * [customer​Recover](https://shopify.dev/docs/api/storefront/latest/mutations/customerRecover) mutation Sends a reset password email to the customer. The email contains a reset password URL and token that you can pass to the [`customerResetByUrl`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerResetByUrl) or [`customerReset`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerReset) mutation to reset the customer's password. This mutation is throttled by IP. With private access, you can provide a [`Shopify-Storefront-Buyer-IP` header](https://shopify.dev/docs/api/usage/authentication#optional-ip-header) instead of the request IP. The header is case-sensitive. *** **Caution:** Ensure the value provided to \\Shopify-Storefront-Buyer-I\P\\ is trusted. Unthrottled access to this mutation presents a security risk. *** * email [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required ### Arguments The email address of the customer to recover. *** * [customer​Reset](https://shopify.dev/docs/api/storefront/latest/mutations/customerReset) mutation Resets a customer's password using the reset token from a password recovery email. On success, returns the updated [`Customer`](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer) and a new [`CustomerAccessToken`](https://shopify.dev/docs/api/storefront/2026-01/objects/CustomerAccessToken) for immediate authentication. Use the [`customerRecover`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerRecover) mutation to send the password recovery email that provides the reset token. Alternatively, use [`customerResetByUrl`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerResetByUrl) if you have the full reset URL instead of the customer ID and token. *** **Caution:** This mutation handles sensitive customer credentials. Validate password requirements on the client before submission. *** * id [ID!](https://shopify.dev/docs/api/storefront/latest/scalars/ID) required ### Arguments Specifies the customer to reset. * input [Customer​Reset​Input!](https://shopify.dev/docs/api/storefront/latest/input-objects/CustomerResetInput) required The fields used to reset a customer’s password. *** * [customer​Reset​By​Url](https://shopify.dev/docs/api/storefront/latest/mutations/customerResetByUrl) mutation Resets a customer's password using the reset URL from a password recovery email. The reset URL is generated by the [`customerRecover`](https://shopify.dev/docs/api/storefront/2026-01/mutations/customerRecover) mutation. On success, returns the updated [`Customer`](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer) and a new [`CustomerAccessToken`](https://shopify.dev/docs/api/storefront/2026-01/objects/CustomerAccessToken) for immediate authentication. *** **Caution:** This mutation handles customer credentials. Ensure the new password is transmitted securely and never logged or exposed in client-side code. *** * reset​Url [URL!](https://shopify.dev/docs/api/storefront/latest/scalars/URL) required ### Arguments The customer's reset password url. * password [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required New password that will be set as part of the reset password process. *** * [customer​Update](https://shopify.dev/docs/api/storefront/latest/mutations/customerUpdate) mutation Updates a [customer's](https://shopify.dev/docs/api/storefront/2026-01/objects/Customer) personal information such as name, password, and marketing preferences. Requires a valid [`CustomerAccessToken`](https://shopify.dev/docs/api/storefront/2026-01/objects/CustomerAccessToken) to authenticate the customer making the update. If the customer's password is updated, then all previous access tokens become invalid. The mutation returns a new access token in the payload to maintain the customer's session. *** **Caution:** Password changes invalidate all existing access tokens. Ensure your app handles the new token returned in the response to avoid logging the customer out. *** * customer​Access​Token [String!](https://shopify.dev/docs/api/storefront/latest/scalars/String) required ### Arguments The access token used to identify the customer. * customer [Customer​Update​Input!](https://shopify.dev/docs/api/storefront/latest/input-objects/CustomerUpdateInput) required The customer object input. *** *** ## UserError Mutations ### Mutated by * [customer​Access​Token​Create](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenCreate) * [customer​Access​Token​Delete](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenDelete) * [customer​Access​Token​Renew](https://shopify.dev/docs/api/storefront/latest/mutations/customerAccessTokenRenew) * [customer​Activate](https://shopify.dev/docs/api/storefront/latest/mutations/customerActivate) * [customer​Address​Create](https://shopify.dev/docs/api/storefront/latest/mutations/customerAddressCreate) * [customer​Address​Delete](https://shopify.dev/docs/api/storefront/latest/mutations/customerAddressDelete) * [customer​Address​Update](https://shopify.dev/docs/api/storefront/latest/mutations/customerAddressUpdate) * [customer​Create](https://shopify.dev/docs/api/storefront/latest/mutations/customerCreate) * [customer​Default​Address​Update](https://shopify.dev/docs/api/storefront/latest/mutations/customerDefaultAddressUpdate) * [customer​Recover](https://shopify.dev/docs/api/storefront/latest/mutations/customerRecover) * [customer​Reset](https://shopify.dev/docs/api/storefront/latest/mutations/customerReset) * [customer​Reset​By​Url](https://shopify.dev/docs/api/storefront/latest/mutations/customerResetByUrl) * [customer​Update](https://shopify.dev/docs/api/storefront/latest/mutations/customerUpdate) *** ## Interfaces * [Displayable​Error](https://shopify.dev/docs/api/storefront/latest/interfaces/DisplayableError) interface *** ## UserError Implements ### Implements * [Displayable​Error](https://shopify.dev/docs/api/storefront/latest/interfaces/DisplayableError)