Update customer's password using Admin API

DeveshVasnani
New Member
1 0 0

We are developing a feature where we require a functionality to update Shopify customer's password from Admin API. We looked into forums about this and found out that the 'update customer' allows us to do that. However, it is not something which is documented in Shopify Admin REST API reference. https://shopify.dev/api/admin/rest/reference/customers/customer#update-2021-07

My question is, are you planning to have a long term support for this functionality or is it something which can be removed in upcoming days?

Replies 2 (2)
csam
Shopify Staff
Shopify Staff
267 40 43

Hi @DeveshVasnani 

Updating a customer password is actually not supported via the Admin API. The closest thing is that it is possible to trigger the password reset email to be sent to the customer via the Storefront API - https://shopify.dev/api/storefront/reference/customers/customerrecover

CS | API Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

davem2
Shopify Partner
5 0 1

Important to note, however, is that the Storefront API is rate-limited by IP address and also seems to have some undocumented logic which limits the number of recovery requests by IP. Which means that if you are initiating this recovery from your server, you can quickly exhaust the limits and effectively block all users from  resetting their passwords. If this recovery process is user-driven (clicking a button on your app which is proxied to your server), this exposes a Denial-Of-Service security hole. (We are hitting this issue ourselves and wish there were an Admin API way of doing this.)