Account Activation URL via REST API redirect to invalid_token page

Retired Boards Appdev Customers Discounts And Orders

Topic summary

The REST API account_activation_url.json endpoint was returning URLs that redirected to /account/invalid_token, displaying a password reset error instead of allowing account activation. This issue affected customers created manually through Shopify admin (not via API) on classic customer accounts.

Root Cause Identified:
The problem stemmed from implementing customer/create and customer/update webhooks that both generated activation URLs simultaneously. When these webhooks fired nearly at the same time (within seconds), multiple activation URLs were created for the same customer, causing all URLs to fail and preventing generation of valid activation URLs afterward.

Resolution:

  • Added a delay (sleep) in the customer/update webhook implementation to ensure it processes after customer/create completes
  • Updated webhook logic to process only necessary create/update events, avoiding duplicates
  • This workaround addresses the timing issue when manual customer creation triggers both webhooks in rapid succession

Status: Issue resolved through webhook timing adjustments.

Summarized with AI on November 15. AI used: claude-sonnet-4-5-20250929.
1

Hi There

We have been having issues recently with the REST API account_activation_url.json endpoint.
The endpoint returns a URL, but the URL redirect to /account/invalid_token path and shows the login page with a “Password reset error.” at the top.

We noticed that we have this error with some customers account when we create these customer’s accounts manually from the shopify administration.

Thank you for your support in advance.

Cheers
Eric

1 Like
2

Hi Eric,

So this is only happening for customers that are not created via the API? Are you using the new customer accounts on this store?

3

Hi Liam,

Thank you for your message.

Yes that’s right, it happens with customer that are not created via the API (manually by our team from the Shopify administration page).

We are using the ‘classic’ customer accounts, below the settings:

Eric_Maroubra_0-1698839304382.png
Eric_Maroubra_0-1698839304382.png1782×626 49.1 KB

4

I have just noticed that the activation url which is sent over within the Shopify Account Invite email does not work either. Same issue, it redirects to /account/invalid_token.

Any thoughts on this?

Thanks all

5

The issue was actually due to the fact that we’ve implemented a customer/create and a customer/update webhooks, and these webhooks were generating these activation urls via the Shopify API, and we were dealing with duplicates or customer create and customer update received almost at the same time (within a second). Hence, activation urls were created at the same time for the same customer, the consequence was that any of the activation urls were working, and from that point, it was impossible to get any vcalid activation urls (as if something got stuck in Shopify for this particular customer…).
We are updated our webhook implementation so that we only process customer create and/or update events if required.
Because we were receiving the customer/update webhook a few milliseconds following the customer/create upon the manual creation of a customer in Shopify when you set some metafields to the customer, we had to use a little hack, we had to add a sleep of a few seconds in the implementation of the customer/update to make sure that we will process the update after the customer/create is processed.

6

Hi again Eric,

Glad to hear you managed to figure this out, and that you’ve updated how invites are managed. Thanks for coming back and letting the community know what the issue was!