CustomerUserError

The error code.

The path to the input field that caused the error.

The error message.

For legacy customer accounts only.

Creates a CustomerAccessToken using the customer's email and password. The access token is required to read or modify the Customer object, such as updating account information or managing addresses.

The token has an expiration time. Use customerAccessTokenRenew to extend the token before it expires, or create a new token if it's already expired.

Caution: This mutation handles customer credentials. Always transmit requests over HTTPS and never log or expose the password.

Creates a CustomerAccessToken using a multipass token instead of email and password. This enables single sign-on for customers who authenticate through an external system.

If the customer doesn't exist in Shopify, then a new customer record is created automatically. If the customer exists but the record is disabled, then the customer record is re-enabled.

Caution: Multipass tokens are only valid for 15 minutes and can only be used once. Generate tokens on-the-fly when needed rather than in advance.

Activates a customer account using an activation token received from the customerCreate mutation. The customer sets their password during activation and receives a CustomerAccessToken for authenticated access.

For a simpler approach that doesn't require parsing the activation URL, use customerActivateByUrl instead.

Caution: This mutation handles customer credentials. Always use HTTPS and never log or expose the password or access token.

Activates a customer account using the full activation URL from the customerCreate mutation. This approach simplifies activation by accepting the complete URL directly, eliminating the need to parse it for the customer ID and activation token. Returns a CustomerAccessToken for authenticating subsequent requests.

Caution: Store the returned access token securely. It grants access to the customer's account data.

Creates a new MailingAddress for a Customer. Use the customer's access token to identify them. Successful creation returns the new address.

Each customer can have multiple addresses.

Permanently deletes a specific MailingAddress for a Customer. Requires a valid customer access token to authenticate the request.

Caution: This action is irreversible. You can't recover the deleted address.

Updates an existing MailingAddress for a Customer. Requires a customer access token to identify the customer, an ID to specify which address to modify, and an address with the updated fields.

Successful update returns the updated MailingAddress.

Creates a new Customer account with the provided contact information and login credentials. The customer can then sign in for things such as accessing their account, viewing order history, and managing saved addresses.

Caution: This mutation creates customer credentials. Ensure passwords are collected securely and never logged or exposed in client-side code.

Updates the default address of an existing Customer. Requires a customer access token to identify the customer and an address ID to specify which address to set as the new default.

Subscribes a customer to the newsletter with an email address.

Sends a reset password email to the customer. The email contains a reset password URL and token that you can pass to the customerResetByUrl or customerReset mutation to reset the customer's password.

This mutation is throttled by IP. With private access, you can provide a Shopify-Storefront-Buyer-IP header instead of the request IP. The header is case-sensitive.

Caution: Ensure the value provided to <code><span class="PreventFireFoxApplyingGapToWBR">Shopify-Storefront-Buyer-I<wbr/>P</span></code> is trusted. Unthrottled access to this mutation presents a security risk.

Resets a customer's password using the reset token from a password recovery email. On success, returns the updated Customer and a new CustomerAccessToken for immediate authentication.

Use the customerRecover mutation to send the password recovery email that provides the reset token. Alternatively, use customerResetByUrl if you have the full reset URL instead of the customer ID and token.

Caution: This mutation handles sensitive customer credentials. Validate password requirements on the client before submission.

Resets a customer's password using the reset URL from a password recovery email. The reset URL is generated by the customerRecover mutation.

On success, returns the updated Customer and a new CustomerAccessToken for immediate authentication.

Caution: This mutation handles customer credentials. Ensure the new password is transmitted securely and never logged or exposed in client-side code.

Subscribes a customer to the newsletter with a phone number.

Updates a customer's personal information such as name, password, and marketing preferences. Requires a valid CustomerAccessToken to authenticate the customer making the update.

If the customer's password is updated, then all previous access tokens become invalid. The mutation returns a new access token in the payload to maintain the customer's session.

Caution: Password changes invalidate all existing access tokens. Ensure your app handles the new token returned in the response to avoid logging the customer out.