---
title: Customer Accounts MCP server
description: Learn how to use the Customer accounts MCP server tools to help customers manage their orders, returns, and account preferences.
source_url:
  html: https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account
  md: https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account.md
---

ExpandOn this page

* [Requirements](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#requirements)
* [Authentication](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#authentication)
* [Implementation](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#implementation)
* [Available tools](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#available-tools)
* [Error handling](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#error-handling)
* [Limit rates](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#limit-rates)

# Customer Accounts MCP server

Early access

The Customer accounts MCP server is currently available in early access only as part of Shopify's Next-Gen Dev Platform. To get started:

1. Visit the [Next-Gen Dev Platform](https://shopify.dev/beta/next-gen-dev-platform) page and [submit a request](https://forms.gle/8TYFJFs6obUk426V9) to join the invitation-only early access program.
2. Once you have submitted your Next-Gen Dev Platform application, you can request access to the Customer accounts MCP server by completing the [early access request form](https://forms.gle/2yh6m6nBoXA2A5q7A).

Our team will review your requests and follow up with next steps. Early access features are subject to change.

The Customer accounts MCP server provides tools for customer-specific actions, including order management and account details. Use this server when your AI assistant needs to handle authenticated customer requests, such as checking order status, retrieving order details, or managing account preferences.

***

## Requirements

* Your store must have a custom domain configured.
* Your app must meet [Shopify's protected customer data requirements](https://shopify.dev/docs/apps/launch/protected-customer-data).
* You must have completed the [customer accounts MCP integration steps](https://shopify.dev/docs/apps/build/storefront-mcp/build-storefront-ai-agent#\(optional\)-configure-customer-account-authentication).

### Endpoint

The MCP server endpoint is dynamically discovered from the shop's storefront domain. Use the discovery endpoint to get the correct MCP URL:

```javascript
// Discover the MCP endpoint from the shop's storefront domain
const discoveryResponse = await fetch(`https://${shopDomain}/.well-known/customer-account-api`);
const apiConfig = await discoveryResponse.json();


// Use the discovered MCP endpoint
const mcpEndpoint = apiConfig.mcp_api;
// Result: "https://{shopDomain}/customer/api/mcp"
```

***

## Authentication

The Customer accounts MCP server requires authentication via an OAuth 2.0 access token. You'll need to get this token using the authorization code grant flow with PKCE. Set up authentication by following these steps:

1. Update your app's toml file with the required customer authentication configuration and redirect URIs:

```toml
[access_scopes]
  scopes = "customer_read_customers, customer_read_orders..."


[customer_authentication]
  redirect_uris = [
    "https://your-app-domain.com/callback"
  ]
```

1. Deploy your application.
2. Request Level 2 protected customer data (PII) access from your [Shopify Partner dashboard](https://partners.shopify.com).
3. Install your app on the development store.
4. Get the customer accounts domain via a Storefront GraphQL request.
5. Implement the OAuth 2.0 authorization code flow with PKCE, using the OAuth discovery endpoint to get access tokens.
6. Authenticate your Customer Accounts MCP requests with the access token.

***

## Implementation

Integrate the `Customer accounts MCP server` with your AI shopping assistant by following these steps.

### Step 1: Check for unauthorized access

The authentication flow begins when your app attempts to access customer data without a valid access token. When the Customer accounts MCP server returns a `401 Unauthorized` response, you need to initiate the OAuth flow. Your app should:

* Discover the authentication endpoints from the shop's storefront domain:

  ```javascript
  // Discover OAuth endpoints from the storefront domain
  const oauthDiscoveryResponse = await fetch(`https://${shopDomain}/.well-known/openid-configuration`);
  const oauthConfig = await oauthDiscoveryResponse.json();


  // oauthConfig contains:
  // {
  //   "authorization_endpoint": "https://{shopDomain}/authentication/{shop_id}/oauth/authorize",
  //   "token_endpoint": "https://{shopDomain}/authentication/{shop_id}/oauth/token",
  //   ...
  // }
  ```

### Step 2: Construct the authorization request

Build an OAuth 2.0 authorization request using the [PKCE authorization code flow](https://datatracker.ietf.org/doc/html/rfc7636):

```javascript
// Authorization URL format
const params = new URLSearchParams({
  // Your AppID serves as the OAuth client_id
  client_id: 'YOUR_APP_ID',
  // Must match the one in your TOML unless local development where
  // you can use localhost in the request
  redirect_uri: 'YOUR_REDIRECT_URI',
  response_type: 'code',
  // The scopes from your TOML file
  scope: 'customer-account-mcp-api:full',
  // 16-byte hex for CSRF protection
  state: 'RANDOM_HEX',
  // SHA256 hashed and base64URL encoded
  code_challenge: 'PKCE_CHALLENGE',
  code_challenge_method: 'S256'
});


// Build the full authorization URL using the discovered endpoint
const authUrl = `${oauthConfig.authorization_endpoint}?${params}`;


// Redirect the user to start the OAuth flow
window.location.href = authUrl;
```

### Step 3: Handle the callback

After the user authenticates, handle the callback by:

1. Receiving the authorization code at your registered redirect URI.
2. Exchanging this code (with the original `code_verifier`) for an access token using the `token_endpoint` value from the OAuth discovery response (`oauthConfig.token_endpoint`).
3. Storing the access token securely for future API requests.

### Step 4: Retry the original request

Use the access token to retry your original MCP request:

```javascript
const headers = {
  'Authorization': 'YOUR_ACCESS_TOKEN',
  'Content-Type': 'application/json'
};


// Use the discovered MCP endpoint
const mcp_url = apiConfig.mcp_api;
const request_data = {
  // Request parameters here
};


fetch(mcp_url, {
  method: 'POST',
  headers,
  body: JSON.stringify(request_data)
});
```

### Step 5: Deploy your app and restart the server

After configuring customer accounts authentication, deploy your app and restart the server to apply the changes:

```terminal
shopify app deploy
shopify app dev --use-localhost
```

***

## Available tools

The Customer MCP server provides a set of tools for managing customer accounts and orders. Use the `tools/list` command to discover available tools and their capabilities. Each tool is documented with a complete schema that defines its parameters, requirements, and response format.

### Understanding tool schemas

Each tool provides a JSON schema that defines:

* Required and optional parameters
* Data types and formats
* Validation rules and constraints
* Enumerated values where applicable
* Response schema

Tools follow these common patterns:

* IDs follow the format `gid://shopify/<Type>/<id>`
* Order numbers may include an optional `#` prefix
* Quantities are positive integers
* Dates are in ISO 8601 format
* Monetary amounts include currency codes

You can introspect the tools schema with the `tools/list` command.

***

## Error handling

All MCP Customer Accounts API tools use consistent error-handling patterns:

* Validation errors: Return specific, descriptive error messages.
* Processing errors: Return `Unable to process the request, try again`.
* Resource not found errors: Return clear messages about the missing resource (such as `Order not found with number: {order_number}`).

***

## Limit rates

These tools follow [standard API rate limiting](https://shopify.dev/docs/api/usage/limits#rate-limits) policies. Make sure you handle rate limit responses appropriately.

***

* [Requirements](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#requirements)
* [Authentication](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#authentication)
* [Implementation](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#implementation)
* [Available tools](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#available-tools)
* [Error handling](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#error-handling)
* [Limit rates](https://shopify.dev/docs/apps/build/storefront-mcp/servers/customer-account#limit-rates)