Mutation

Updates the attributes on a Cart. Attributes are custom key-value pairs that store additional information, such as gift messages, special instructions, or order notes.

Updates the buyer identity on a Cart, including contact information, location, and checkout preferences. The buyer's country determines international pricing and should match their shipping address.

Use this mutation to associate a logged-in customer via access token, set a B2B company location, or configure checkout preferences like delivery method. Preferences prefill checkout fields but don't sync back to the cart if overwritten at checkout.

Creates a new Cart for a buyer session. You can optionally initialize the cart with merchandise lines, discount codes, gift card codes, buyer identity for international pricing, and custom attributes.

The returned cart includes a checkoutUrl that directs the buyer to complete their purchase.

Adds delivery addresses to a Cart. A cart can have up to 20 delivery addresses. One address can be marked as selected for checkout, and addresses can optionally be marked as one-time use so they aren't saved to the customer's account.

Removes delivery addresses from a Cart by their IDs, allowing batch removal in a single request.

Replaces all delivery addresses on a Cart with a new set of addresses in a single operation. Unlike cartDeliveryAddressesUpdate, which modifies existing addresses, this mutation removes all current addresses and sets the provided list as the new delivery addresses.

One address can be marked as selected, and each address can be flagged for one-time use or configured with a specific validation strategy.

Updates one or more delivery addresses on a Cart. Each address can be modified to change its details, set it as the pre-selected address for checkout, or mark it for one-time use so it isn't saved to the customer's account.

Updates the discount codes applied to a Cart. This mutation replaces all existing discount codes with the provided list, so pass an empty array to remove all codes. Discount codes are case-insensitive.

After updating, check each CartDiscountCode in the cart's discountCodes field to see whether the code is applicable to the cart's current contents.

Adds gift card codes to a Cart without replacing any codes already applied. Gift card codes are case-insensitive.

To replace all gift card codes instead of adding to them, use cartGiftCardCodesUpdate.

Removes gift cards from a Cart using their IDs. You can retrieve the IDs of applied gift cards from the cart's appliedGiftCards field.

Updates the gift card codes applied to the cart. Unlike cartGiftCardCodesAdd, which adds codes without replacing existing ones, this mutation sets the gift card codes for the cart. Gift card codes are case-insensitive.

Adds one or more merchandise lines to an existing Cart. Each line specifies the product variant to purchase. Quantity defaults to 1 if not provided.

You can add up to 250 lines in a single request. Use CartLineInput to configure each line's merchandise, quantity, selling plan, custom attributes, and any parent relationships for nested line items such as warranties or add-ons.

Removes one or more merchandise lines from a Cart. Accepts up to 250 line IDs per request. Returns the updated cart along with any errors or warnings.

Updates one or more merchandise lines on a Cart. You can modify the quantity, swap the merchandise, change custom attributes, or update the selling plan for each line. You can update a maximum of 250 lines per request.

Omitting the attributes field or setting it to null preserves existing line attributes. Pass an empty array to clear all attributes from a line.

Deletes a cart metafield.

Note: This mutation won&#39;t trigger <a href="https://shopify.dev/docs/api/functions">Shopify Functions</a>. The changes won&#39;t be available to Shopify Functions until the buyer goes to checkout or performs another cart interaction that triggers the functions.

Sets Metafield values on a cart, creating new metafields or updating existing ones. Accepts up to 25 metafields per request.

Cart metafields can automatically copy to order metafields when an order is created, if there's a matching order metafield definition with the cart to order copyable capability enabled.

Note: This mutation doesn&#39;t trigger <a href="https://shopify.dev/docs/api/functions">Shopify Functions</a>. Changes aren&#39;t available to Shopify Functions until the buyer goes to checkout or performs another cart interaction that triggers the functions.

Updates the note on a Cart. The note is a text field that stores additional information, such as a personalized message from the buyer or special instructions for the order.

Updates the selected delivery option for one or more CartDeliveryGroup objects in a cart. Each delivery group represents items shipping to a specific address and offers multiple delivery options with different costs and methods.

Use this mutation when a customer chooses their preferred shipping method during checkout. The deliveryOptionHandle identifies which CartDeliveryOption to select for each delivery group.

For legacy customer accounts only.

Creates a CustomerAccessToken using the customer's email and password. The access token is required to read or modify the Customer object, such as updating account information or managing addresses.

The token has an expiration time. Use customerAccessTokenRenew to extend the token before it expires, or create a new token if it's already expired.

Caution: This mutation handles customer credentials. Always transmit requests over HTTPS and never log or expose the password.

Creates a CustomerAccessToken using a multipass token instead of email and password. This enables single sign-on for customers who authenticate through an external system.

If the customer doesn't exist in Shopify, then a new customer record is created automatically. If the customer exists but the record is disabled, then the customer record is re-enabled.

Caution: Multipass tokens are only valid for 15 minutes and can only be used once. Generate tokens on-the-fly when needed rather than in advance.

Permanently destroys a CustomerAccessToken. Use this mutation when a customer explicitly signs out or when you need to revoke the token. Use customerAccessTokenCreate to generate a new token with the customer's credentials.

Caution: This action is irreversible. The customer needs to sign in again to obtain a new access token.

Extends the validity of a CustomerAccessToken before it expires. The renewed token maintains authenticated access to customer operations.

Renewal must happen before the token's expiresAt time. If a token has already expired, then use customerAccessTokenCreate to generate a new token with the customer's credentials.

Caution: Store access tokens securely. Never store tokens in plain text or insecure locations, and avoid exposing them in URLs or logs.

Activates a customer account using an activation token received from the customerCreate mutation. The customer sets their password during activation and receives a CustomerAccessToken for authenticated access.

For a simpler approach that doesn't require parsing the activation URL, use customerActivateByUrl instead.

Caution: This mutation handles customer credentials. Always use HTTPS and never log or expose the password or access token.

Activates a customer account using the full activation URL from the customerCreate mutation. This approach simplifies activation by accepting the complete URL directly, eliminating the need to parse it for the customer ID and activation token. Returns a CustomerAccessToken for authenticating subsequent requests.

Caution: Store the returned access token securely. It grants access to the customer&#39;s account data.

Creates a new MailingAddress for a Customer. Use the customer's access token to identify them. Successful creation returns the new address.

Each customer can have multiple addresses.

Permanently deletes a specific MailingAddress for a Customer. Requires a valid customer access token to authenticate the request.

Caution: This action is irreversible. You can&#39;t recover the deleted address.

Updates an existing MailingAddress for a Customer. Requires a customer access token to identify the customer, an ID to specify which address to modify, and an address with the updated fields.

Successful update returns the updated MailingAddress.

Creates a new Customer account with the provided contact information and login credentials. The customer can then sign in for things such as accessing their account, viewing order history, and managing saved addresses.

Caution: This mutation creates customer credentials. Ensure passwords are collected securely and never logged or exposed in client-side code.

Updates the default address of an existing Customer. Requires a customer access token to identify the customer and an address ID to specify which address to set as the new default.

Subscribes a customer to the newsletter with an email address.

Sends a reset password email to the customer. The email contains a reset password URL and token that you can pass to the customerResetByUrl or customerReset mutation to reset the customer's password.

This mutation is throttled by IP. With private access, you can provide a Shopify-Storefront-Buyer-IP header instead of the request IP. The header is case-sensitive.

Caution: Ensure the value provided to <code><span class="PreventFireFoxApplyingGapToWBR">Shopify-Storefront-Buyer-I<wbr/>P</span></code> is trusted. Unthrottled access to this mutation presents a security risk.

Resets a customer's password using the reset token from a password recovery email. On success, returns the updated Customer and a new CustomerAccessToken for immediate authentication.

Use the customerRecover mutation to send the password recovery email that provides the reset token. Alternatively, use customerResetByUrl if you have the full reset URL instead of the customer ID and token.

Caution: This mutation handles sensitive customer credentials. Validate password requirements on the client before submission.

Resets a customer's password using the reset URL from a password recovery email. The reset URL is generated by the customerRecover mutation.

On success, returns the updated Customer and a new CustomerAccessToken for immediate authentication.

Caution: This mutation handles customer credentials. Ensure the new password is transmitted securely and never logged or exposed in client-side code.

Subscribes a customer to the newsletter with a phone number.

Updates a customer's personal information such as name, password, and marketing preferences. Requires a valid CustomerAccessToken to authenticate the customer making the update.

If the customer's password is updated, then all previous access tokens become invalid. The mutation returns a new access token in the payload to maintain the customer's session.

Caution: Password changes invalidate all existing access tokens. Ensure your app handles the new token returned in the response to avoid logging the customer out.

Creates a Shop Pay payment request session for processing payments. The session includes a checkout URL where customers complete their purchase and a token for subsequent operations like submitting the payment.

The sourceIdentifier must be unique across all orders to ensure accurate reconciliation.

For a complete integration guide including the JavaScript SDK setup and checkout flow, refer to the Shop Component API documentation. For implementation steps, see the development journey guide. For common error scenarios, see the troubleshooting guide.

Finalizes a Shop Pay payment request session. Call this mutation after creating a session with shopPayPaymentRequestSessionCreate.

The idempotencyKey argument ensures the payment transaction occurs only once, preventing duplicate charges. On success, returns a ShopPayPaymentRequestReceipt with the processing status and a receipt token.

For a complete integration guide including the JavaScript SDK setup and checkout flow, refer to the Shop Component API documentation. For implementation steps, see the development journey guide. For common error scenarios, see the troubleshooting guide.