Customer Account API and Storefront API problem

Retired Boards Appdev Authentication
,

Topic summary

Issue: A headless Shopify app uses SSO via the Customer Account API and can query that API after getting a customer access token. The team also needs to access the Storefront API (e.g., to retrieve customer orders) and found the mutation storefrontCustomerAccessTokenCreate.

Key questions:

  • Does storefrontCustomerAccessTokenCreate create a Storefront API customerAccessToken derived from the Customer Account API token (SSO), enabling Storefront API queries without username/password?
  • Can customer information and orders be queried in the Storefront API using a token generated from the Customer Account API, instead of obtaining a Storefront customerAccessToken via username/password?
  • What is the intended purpose of storefrontCustomerAccessTokenCreate?

Context: Storefront API typically requires a customerAccessToken created with username/password. The team wants an SSO-based flow to avoid credential-based login for Storefront API.

Status: Seeking clarification; no responses or resolution yet.

Summarized with AI on December 26. AI used: gpt-5.
1

Hello All,

We are developing a Headless app with Shopify as a commerce engine. We want to use the SSO and we are using the Customer Account API. In this API, after obtaining access token we can easily query to Customer Account API.
Additionally we are trying to query and use Storefront API. We have noticed in documentation mutation: storefrontCustomerAccessTokenCreate.

We believed that this mutation is to create the Storefront Access Token (to query Storefront API) based on the customer access token. We would like to use this access token to query customer orders from Storefront API (Not customer api - we know it is possible). To get customer from storefront API we need to have customerAccessToken, which in storefront is accessible passing username and password. Is it somehow possible to get the customer information from Storefront API using access token generated from storefrontCustomerAccessTokenCreate in Customer API? What storefrontCustomerAccessTokenCreate mutation is used for?

Regards,
Kurczak

1 Like