exchangeOtpForCustomerToken mutation

The exchangeOtpForCustomerToken mutation allows you to specify a shopper's email address and one-time password (OTP) and receive a customer token in exchange. This mutation is typically used in scenarios where a customer needs to authenticate using an OTP sent to their email or phone.

Upon successful exchange, the module invalidates the OTP so it cannot be reused. The endpoint also integrates with reCAPTCHA configuration to mitigate automated abuse.

Syntax

mutation: { exchangeOtpForCustomerToken(email: String!, otp: String!) {CustomerToken}}

Example usage

The following example uses the specified email and one-time password (OTP) to return a customer token.

Request:

mutation {
  exchangeOtpForCustomerToken(
    email: "customer@example.com"
    otp: "gTQySBnj2w4ql9EL6XdnF267mzkK3cQG"
  ) {
    token
  }
}
Copied to your clipboard
mutation {
  exchangeOtpForCustomerToken(
    email: "customer@example.com"
    otp: "gTQySBnj2w4ql9EL6XdnF267mzkK3cQG"
  ) {
    token
  }
}

Response:

{
  "data": {
    "exchangeOtpForCustomerToken": {
      "token": "<customer-access-token>"
    }
  }
}
Copied to your clipboard
{
  "data": {
    "exchangeOtpForCustomerToken": {
      "token": "<customer-access-token>"
    }
  }
}

customer query

exchangeExternalCustomerToken

generateCustomerToken

Last updated 10/30/2025

Was this helpful?

Yes

exchangeOtpForCustomerToken mutation

Syntax.css-83mclq{margin-left:var(--spectrum-global-dimension-size-100);}

Example usage

Related topic

Syntax