Getting started with the Customer Account API

In this tutorial, you'll learn how to do the following tasks:

• Enable Customer Account API access on the Headless and Hydrogen sales channels
• Manage permissions
• Set up your client application settings
• Perform authorization requests
• Make queries
• Rotate credentials

• You have Apps and channels permissions on the Shopify store that you're working with.
• You have installed the Headless or Hydrogen sales channel from the Shopify App Store.

To use the Customer Account API, you first need to enable it and get your access credentials.

1. From your Shopify admin, under Sales channels, click Headless or Hydrogen.
2. Select your storefront.
3. Complete one of the following steps:
   • If you selected Headless, then navigate to Customer Account API settings.
   • If you selected, Hydrogen, then navigate to Storefront settings.
4. Optional: Modify the client type.
   • Public clients: For applications that are strictly client-side, or that don't have a server-side session where to store the refresh token safely (for example, SPA, mobile applications, or Hydrogen).
   • Confidential clients: For applications that have a back-end to perform the authorization request and a server-side session to hold the refresh token (for example, Express.js, ASP.NET, or Rails).
5. From the Credentials section, copy the client ID (and client secret, if applicable) to use in your requests.

Managing permissions controls what your custom storefront can display from your Shopify store.

1. From the Permissions section, click Edit.
2. Select the permissions for the storefront.
3. Click Save.

Shopify's new customer account experience is required to use the Customer Account API. New customer accounts allow you to seamlessly persist customer logins across online store, Hydrogen, and checkout.

1. From your Shopify admin, click Settings.
2. Click Customer accounts
3. Under Accounts in online store and checkout section, click on Edit
4. Choose New customer accounts
5. Click Save.

You can specify the following client application settings:

• Callback URL(s): The allowable list of URLs to redirect to after logging in.
• Javascript origin(s): Specifies the origins that are allowed to use a client's OAuth credentials in a JavaScript application. Applies to public client types.
• Logout URL (Optional): The URL to redirect to after logging out.

Before you make requests to the Customer Account API, you need to set up the following, depending on your client type:

• Public clients: Implement the code challenge and verifier.
• Confidential clients: Specify an Authorization Header.

To learn more about how to set up request headers for your development framework, refer to the Customer Account API reference.

After you've completed the authorization flow for the Customer Account API and you have a token from a logged-in customer, you can make queries using the Customer Account API.

For an example of how to use the Customer Account API with a Hydrogen storefront, refer to the Using Customer Account API with Hydrogen tutorial and consult the Customer Account API reference for available objects, queries, and mutations.

1. In the Credentials section, under Rotate credentials, click Generate new credentials.
2. Update any applications or scripts with the new credentials. The old credentials remain valid until you revoke them.
3. When all applications or scripts have been updated, click Revoke next to the old credentials.
4. When prompted, click Revoke credentials.

• Follow the Using Customer Account API with Hydrogen tutorial.
• Learn more about the Customer Account API.