About the Order status page
The Order status page is where customers can view, manage, and track a specific order. Customers can reach this page from order notifications, or by clicking an order on the Order index page. Since customers frequently check their order status, the Order status page is an essential part of the customer journey, and a great opportunity for building UI extensions that add useful functionality to the customer experience.
Shared extensions
Anchor link to section titled "Shared extensions"The following targets on the Order status page can be deployed to live merchant shops, while the rest of the targets on the Order status page will remain in developer preview:
customer-account.order-status.block.render
customer-account.order-status.customer-information.render-after
customer-account.order-status.cart-line-item.render-after
customer-account.order-status.cart-line-list.render-after
Authentication states
Anchor link to section titled "Authentication states"The Order status page supports the following authentication states:
Unauthenticated state
Anchor link to section titled "Unauthenticated state"The unauthenticated Order status page can be accessed by anyone who has a direct link.
When customers directly access the page, only public order data like items in the cart, order status, and order total displays. Sensitive and personally identifiable information is redacted. Because the unauthenticated Order status page is fully public, it doesn't support extensions. This prevents exposing sensitive information or actions.
Pre-authenticated state
Anchor link to section titled "Pre-authenticated state"When a customer accesses the Order status page from an order notification, the URL includes a token. This token provides partial authentication, which allows customers to view all data related to that order without logging in.
Customers can access the pre-authenticated Order status page from order notifications for 3 weeks without logging in, when using the same browser session. When using different browser sessions, customers can access the pre-authenticated Order status page for 2 weeks without logging in, across a maximum of 5 different browser sessions. If this limit is exceeded, the customer will see the unauthenticated Order status page instead, and they’ll need to log in to view the order.
In the pre-authenticated state, customers can't access customer data or data from other orders. Because of this, extensions on the pre-authenticated Order status page shouldn't expose any data or actions outside the scope of the order that the customer is viewing.
Fully authenticated state
Anchor link to section titled "Fully authenticated state"When customers have a valid authentication session, they are considered fully authenticated. This authentication state has no restrictions or limitations for UI extensions.
Limitations
Anchor link to section titled "Limitations"Be aware of the following API access restrictions:
buyerIdentity.customer.id
is only exposed to extensions when the customer is logged in. This means that in the pre-authenticated state, you can't retrieve the customer's ID. This ensures that the data that is provided to extensions on this page is relevant only to the specific order being viewed.Storage access is scoped to the customer.
- For the pre-authenticated Order status page, storage access is scoped to the customer that's associated with the order.
- For the fully authenticated Order status page, storage access is scoped to the authenticated customer.
Customer Account API
Anchor link to section titled "Customer Account API"The Customer Account API can be accessed in the fully authenticated and pre-authenticated state. In the fully authenticated state, all fields are accessible as long as the app has the required access scope. Fields with the label pre-auth accessible
can be used in the query in the pre-authenticated state. Make sure there is a path from the query root to the field. Querying a field without the pre-auth accessible
label, in the pre-authenticated state, can lead to an “Access denied” error.
Order action menu extensions
Anchor link to section titled "Order action menu extensions"Customers must be fully authenticated to complete order actions built with order action menu extensions.
Order action menu extensions on the pre-authenticated Order status page prompt the customer to log in. After logging in, customers are returned to the fully authenticated Order status page, where the order action is automatically resumed.
For example, when an extension intends to open a modal, the modal is opened automatically when the customer returns to the Order status page after logging in.
The following video demonstrates a customer clicking an order action menu extension on the pre-authenticated Order status page:
Order action menu extensions on the fully authenticated Order status page trigger the action immediately, without prompting the customer to log in first.
The following video demonstrates a customer clicking an order action menu extension on the fully authenticated Order status page: