UserError

The path to the input field that caused the error.

The error message.

For legacy customer accounts only.

Creates a CustomerAccessToken using the customer's email and password. The access token is required to read or modify the Customer object, such as updating account information or managing addresses.

The token has an expiration time. Use customerAccessTokenRenew to extend the token before it expires, or create a new token if it's already expired.

Caution: This mutation handles customer credentials. Always transmit requests over HTTPS and never log or expose the password.

Permanently destroys a CustomerAccessToken. Use this mutation when a customer explicitly signs out or when you need to revoke the token. Use customerAccessTokenCreate to generate a new token with the customer's credentials.

Caution: This action is irreversible. The customer needs to sign in again to obtain a new access token.

Extends the validity of a CustomerAccessToken before it expires. The renewed token maintains authenticated access to customer operations.

Renewal must happen before the token's expiresAt time. If a token has already expired, then use customerAccessTokenCreate to generate a new token with the customer's credentials.

Caution: Store access tokens securely. Never store tokens in plain text or insecure locations, and avoid exposing them in URLs or logs.

Activates a customer account using an activation token received from the customerCreate mutation. The customer sets their password during activation and receives a CustomerAccessToken for authenticated access.

For a simpler approach that doesn't require parsing the activation URL, use customerActivateByUrl instead.

Caution: This mutation handles customer credentials. Always use HTTPS and never log or expose the password or access token.

Creates a new MailingAddress for a Customer. Use the customer's access token to identify them. Successful creation returns the new address.

Each customer can have multiple addresses.

Permanently deletes a specific MailingAddress for a Customer. Requires a valid customer access token to authenticate the request.

Caution: This action is irreversible. You can't recover the deleted address.

Updates an existing MailingAddress for a Customer. Requires a customer access token to identify the customer, an ID to specify which address to modify, and an address with the updated fields.

Successful update returns the updated MailingAddress.

Creates a new Customer account with the provided contact information and login credentials. The customer can then sign in for things such as accessing their account, viewing order history, and managing saved addresses.

Caution: This mutation creates customer credentials. Ensure passwords are collected securely and never logged or exposed in client-side code.

Updates the default address of an existing Customer. Requires a customer access token to identify the customer and an address ID to specify which address to set as the new default.

Sends a reset password email to the customer. The email contains a reset password URL and token that you can pass to the customerResetByUrl or customerReset mutation to reset the customer's password.

This mutation is throttled by IP. With private access, you can provide a Shopify-Storefront-Buyer-IP header instead of the request IP. The header is case-sensitive.

Caution: Ensure the value provided to <code><span class="PreventFireFoxApplyingGapToWBR">Shopify-Storefront-Buyer-I<wbr/>P</span></code> is trusted. Unthrottled access to this mutation presents a security risk.

Resets a customer's password using the reset token from a password recovery email. On success, returns the updated Customer and a new CustomerAccessToken for immediate authentication.

Use the customerRecover mutation to send the password recovery email that provides the reset token. Alternatively, use customerResetByUrl if you have the full reset URL instead of the customer ID and token.

Caution: This mutation handles sensitive customer credentials. Validate password requirements on the client before submission.

Resets a customer's password using the reset URL from a password recovery email. The reset URL is generated by the customerRecover mutation.

On success, returns the updated Customer and a new CustomerAccessToken for immediate authentication.

Caution: This mutation handles customer credentials. Ensure the new password is transmitted securely and never logged or exposed in client-side code.

Updates a customer's personal information such as name, password, and marketing preferences. Requires a valid CustomerAccessToken to authenticate the customer making the update.

If the customer's password is updated, then all previous access tokens become invalid. The mutation returns a new access token in the payload to maintain the customer's session.

Caution: Password changes invalidate all existing access tokens. Ensure your app handles the new token returned in the response to avoid logging the customer out.