generateCustomerToken mutation
Use the generateCustomerToken mutation to create a new customer token.
To return or modify information about a customer, we recommend you use customer tokens in the header of your GraphQL calls. However, you can also use session authentication.
Using generateCustomerToken to log in as a customer
The Login as Customer workflow allows administrators to generate a one-time code (OTC) for a customer, then exchange it for a customer access token. This is useful for support sessions, admin UIs, scripts, or third-party integrations that need to act on behalf of a customer.
To log in as a customer, you must enable the customer account permission for remote shopping assistance.
To enable permission for remote shopping assistance with GraphQL for an existing customer account, use the updateCustomerV2 mutation.
Query (updateCustomerV2):
mutation {
  updateCustomerV2(input: { allow_remote_shopping_assistance: true }) {
    customer {
      allow_remote_shopping_assistance
    }
  }
}
After generating an OTC (from the Admin UI or REST API), you can use the generateCustomerToken mutation to exchange it for a customer access token.
The password argument is evaluated in the following order:
- Customer password (default) - The customer's account password.
- Customer Reset Password Token (one-time use) - A valid token from Forgot password (for example, the requestPasswordResetEmail mutation). Consumed on first use.
- Admin-generated OTC (one-time code) - A code generated by an admin for the customer through the REST API or Admin UI. One-time use, short-lived (30 seconds by default).
Syntax
mutation {
  generateCustomerToken(
    email: String!
    password: String!
  ) {
    token
  }
}
Reference
The generateCustomerToken reference provides detailed information about the types and fields defined in this mutation.
Example usage
The following call creates a new customer token.
Request:
mutation {
  generateCustomerToken(
    email: "bobloblaw@example.com"
    password: "b0bl0bl@w"
  ) {
    token
  }
}
Response:
{
  "data": {
    "generateCustomerToken": {
      "token": "ar4116zozoagxty1xjn4lj13kim36r6x"
    }
  }
}
Errors
- Specify the "email" value. - The email argument is empty.
- Specify the "password" value. - The password argument is empty.
- The account sign-in was incorrect or your account is disabled temporarily. Please wait and try again later.
- This account isn't confirmed. Verify and try again.
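The following Python helper is an added example, not code from the original page or from Adobe. It passes the credential to generateCustomerToken as a GraphQL variable, masks it before logging, and maps the error messages listed on this page to labels. The function names, labels, and the constructed error response are assumptions for illustration; customer tokens are sent in an `Authorization: Bearer` header.

```python
import json

# Variables keep the password, reset token or OTC out of the query text.
MUTATION = """mutation Login($email: String!, $password: String!) {
  generateCustomerToken(email: $email, password: $password) { token }
}"""

# Error messages from this page; the labels are this example's own.
ERRORS = {
    'Specify the "email" value.': "missing_email",
    'Specify the "password" value.': "missing_password",
    "The account sign-in was incorrect or your account is disabled "
    "temporarily. Please wait and try again later.": "rejected",
    "This account isn't confirmed. Verify and try again.": "unconfirmed",
}

# Constructed sample: standard GraphQL error envelope with a message from this page.
SAMPLE_REJECTED = json.dumps({
    "errors": [{"message": "The account sign-in was incorrect or your account "
                "is disabled temporarily. Please wait and try again later."}],
    "data": {"generateCustomerToken": None},
})

def build_request(email, secret):
    """JSON body for the mutation; secret is a password, reset token or OTC."""
    return json.dumps({"query": MUTATION,
                       "variables": {"email": email, "password": secret}})

def redact(body):
    """Copy of a request body with the secret masked, safe to log."""
    data = json.loads(body)
    data["variables"]["password"] = "***"
    return json.dumps(data)

def parse_response(body):
    """Return (token, None) on success or (None, label) on failure."""
    data = json.loads(body)
    errors = data.get("errors") or []
    if errors:
        return None, ERRORS.get(errors[0].get("message"), "unknown")
    result = (data.get("data") or {}).get("generateCustomerToken") or {}
    token = result.get("token")
    return (token, None) if token else (None, "unknown")

def auth_header(token):
    """Header for later calls made as the customer."""
    return {"Authorization": f"Bearer {token}"}
```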