Migrate shop - create customers with password, using bcrypt

New Member
1 0 0


I've found that in order to import customer, can be done through import option (csv) from admin or through API Customer. In the migrate process we need to send password for users, that is possible through API.

POST /admin/api/2021-04/customers.json

  "customer": {
    "first_name": "Steve",
    "last_name": "Lastnameson",
    "email": "steve.lastnameson@example.com",
    "phone": "+15142546011",
    "verified_email": true,
    "addresses": [
        "address1": "123 Oak St",
        "city": "Ottawa",
        "province": "ON",
        "phone": "555-1212",
        "zip": "123 ABC",
        "last_name": "Lastnameson",
        "first_name": "Mother",
        "country": "CA"
    "password": "newpass",
    "password_confirmation": "newpass",
    "send_email_welcome": false

 Current passwords (over 50000), in actual website, are hashed using bcrypt and therefor I can't 'decrypt' them in order to use as plain text in migrate process. I've read that shopify also uses bcrypt for passwords and the decrypt process can occur without intervention if I can send the passwords already hashed.

How can I send the passwords 'bcryped' in order to avoid mass password reset/forget/invite?

Can I force the customer after first login to change password?

An invite email (/admin/api/2021-04/customers/{customer_id}/send_invite.json ) can contain a forget password link? If so, how long is valid and how can I generate it through API.

Send invite email has expire date?

An activation email (/admin/api/2021-04/customers/{customer_id}/account_activation_url.json ) can be send only if the send_invite was send?

What are the steps provided for the customers after accessing the activation link (setting an password if not provided in import)?


Thank you in advance for the support.