> ## Documentation Index
> Fetch the complete documentation index at: https://developers.appstle.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate customer portal authentication token

> Generates an authentication token for customer portal access using either customer ID or email address. This token can be used to create magic links or authenticate API requests on behalf of a customer.

**Key Features:**
- **Flexible Lookup**: Find customer by Shopify customer ID OR email address
- **JWT Token**: Returns cryptographically secure JSON Web Token
- **Portal Access**: Token grants access to customer subscription management portal
- **API Authentication**: Can be used in subsequent API calls for customer-specific operations
- **Time-Limited**: Token expires after configured duration (default: 24-72 hours)

**Request Parameters:**
Provide **either** customerId OR email (not both):
- **customerId**: Shopify customer ID (numeric string, e.g., "6789012345")
- **email**: Customer's email address as registered in Shopify

**Response Contains:**
- **customerId**: Shopify customer ID associated with the token
- **token**: JWT authentication token for portal access
- **shop**: Store domain the customer belongs to
- **expiresAt**: Token expiration timestamp (ISO 8601)

**Common Use Cases:**
- Generate token to construct customer portal magic links
- Authenticate customer in headless commerce implementations
- Validate customer identity before allowing subscription changes
- Create custom portal integrations with embedded authentication
- Server-side customer lookup when only email is available
- Build custom subscription management UIs with API authentication
- Integrate with external CRM systems requiring customer tokens

**Token Usage:**
Once generated, the token can be:
1. Embedded in magic link URLs: `https://portal.example.com?token={token}`
2. Used as Bearer token in Authorization headers for API calls
3. Stored temporarily for customer session management
4. Passed to frontend applications for customer-specific operations

**Security Best Practices:**
- Never expose tokens in client-side logs or browser storage
- Transmit tokens only over HTTPS
- Implement token rotation for long-lived sessions
- Validate token expiration before use
- Revoke tokens when customer logs out or changes credentials

**Error Handling:**
- If neither customerId nor email is provided, returns 400 Bad Request
- If both customerId and email are provided, customerId takes precedence
- If customer not found, returns 404 Not Found
- Invalid email format returns 400 Bad Request

**Authentication:** Requires API key authentication via X-API-Key header or api_key parameter



## OpenAPI

````yaml /memberships/admin-api-swagger.json get /api/external/v2/customer-portal-token
openapi: 3.0.1
info:
  description: >-
    Comprehensive API documentation for managing memberships, payments, and
    related operations. These APIs allow you to programmatically manage
    membership lifecycles, handle payments, configure products, and integrate
    membership functionality into your applications.
  title: Admin APIs
  version: 0.0.1
servers:
  - url: https://membership-admin.appstle.com
security: []
tags:
  - description: >-
      APIs for managing Shopify delivery profiles, shipping rates, zones, and
      free shipping configuration for subscription memberships
    name: Shipping & Delivery Profiles
  - description: >-
      APIs for retrieving historical discount code usage and redemption
      information for membership contracts
    name: Customer Discount History
  - description: >-
      APIs for managing membership cancellation flow settings including
      retention offers, survey questions, and cancel confirmation screens
    name: Cancellation Flow Configuration
  - description: >-
      APIs for managing membership billing attempts, recurring orders, payment
      retries, order history, and order skipping
    name: Billing & Orders
  - description: >-
      APIs for managing one-time product additions to upcoming subscription
      orders, including adding, retrieving, and removing one-off items
    name: One-Time Add-Ons
  - description: >-
      APIs for managing membership/subscription plan groups, including creating
      plans, configuring discounts, billing intervals, and assigning products to
      plans
    name: Membership Plans
  - description: >-
      APIs for managing subscription product bundles, bundle configurations,
      item grouping, and bundle-specific discount codes
    name: Product Bundles
  - description: >-
      APIs for retrieving custom CSS styles applied to subscription widgets and
      customer portal for theme customization
    name: Custom CSS Styling
  - description: >-
      APIs for managing customer portal settings including UI customization,
      text labels, feature toggles, and branding options for the member
      self-service portal
    name: Customer Portal Configuration
  - description: >-
      APIs for managing membership/subscription contracts including creation,
      updates, status changes, line items, discounts, and billing operations
    name: Membership Contracts
  - description: >-
      APIs for managing subscription bundle configuration settings including
      bundle behavior, pricing rules, and display options
    name: Bundle Settings
  - description: >-
      APIs for managing customer payment methods, payment tokens, and payment
      method retrieval for subscriptions
    name: Customer Payment Methods
  - description: >-
      APIs for retrieving product swap/substitution options allowing members to
      exchange subscription items based on configured swap rules and variant
      groups
    name: Product Swap Rules
  - description: >-
      APIs for retrieving product catalog, variants, pricing, and inventory
      information for subscription memberships.
    name: Product & Inventory Data
  - description: >-
      APIs for managing shop-level membership settings, configuration, and
      general store information.
    name: Shop Settings
  - description: >-
      APIs for performing bulk/mass operations on multiple membership contracts
      including status updates, product replacements, and billing date changes.
    name: Bulk Operations
paths:
  /api/external/v2/customer-portal-token:
    get:
      tags:
        - Membership Contracts
      summary: Generate customer portal authentication token
      description: >-
        Generates an authentication token for customer portal access using
        either customer ID or email address. This token can be used to create
        magic links or authenticate API requests on behalf of a customer.


        **Key Features:**

        - **Flexible Lookup**: Find customer by Shopify customer ID OR email
        address

        - **JWT Token**: Returns cryptographically secure JSON Web Token

        - **Portal Access**: Token grants access to customer subscription
        management portal

        - **API Authentication**: Can be used in subsequent API calls for
        customer-specific operations

        - **Time-Limited**: Token expires after configured duration (default:
        24-72 hours)


        **Request Parameters:**

        Provide **either** customerId OR email (not both):

        - **customerId**: Shopify customer ID (numeric string, e.g.,
        "6789012345")

        - **email**: Customer's email address as registered in Shopify


        **Response Contains:**

        - **customerId**: Shopify customer ID associated with the token

        - **token**: JWT authentication token for portal access

        - **shop**: Store domain the customer belongs to

        - **expiresAt**: Token expiration timestamp (ISO 8601)


        **Common Use Cases:**

        - Generate token to construct customer portal magic links

        - Authenticate customer in headless commerce implementations

        - Validate customer identity before allowing subscription changes

        - Create custom portal integrations with embedded authentication

        - Server-side customer lookup when only email is available

        - Build custom subscription management UIs with API authentication

        - Integrate with external CRM systems requiring customer tokens


        **Token Usage:**

        Once generated, the token can be:

        1. Embedded in magic link URLs:
        `https://portal.example.com?token={token}`

        2. Used as Bearer token in Authorization headers for API calls

        3. Stored temporarily for customer session management

        4. Passed to frontend applications for customer-specific operations


        **Security Best Practices:**

        - Never expose tokens in client-side logs or browser storage

        - Transmit tokens only over HTTPS

        - Implement token rotation for long-lived sessions

        - Validate token expiration before use

        - Revoke tokens when customer logs out or changes credentials


        **Error Handling:**

        - If neither customerId nor email is provided, returns 400 Bad Request

        - If both customerId and email are provided, customerId takes precedence

        - If customer not found, returns 404 Not Found

        - Invalid email format returns 400 Bad Request


        **Authentication:** Requires API key authentication via X-API-Key header
        or api_key parameter
      operationId: getCustomerPortalToken
      parameters:
        - description: API Key (Deprecated - Use Header X-API-Key instead)
          in: query
          name: api_key
          required: false
          schema:
            type: string
        - in: header
          name: X-API-Key
          required: false
          schema:
            type: string
        - description: Shopify customer ID (provide either customerId OR email)
          example: 6789012345
          in: query
          name: customerId
          required: false
          schema:
            type: string
        - description: Customer email address (provide either customerId OR email)
          example: customer@example.com
          in: query
          name: email
          required: false
          schema:
            type: string
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CustomerTokenInfo'
          description: >-
            Customer portal token generated successfully, returns customer ID
            and authentication token
        '400':
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/CustomerTokenInfo'
          description: >-
            Invalid request - customer ID or email not provided, or customer not
            found
        '401':
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/CustomerTokenInfo'
          description: Authentication required - invalid or missing API key
        '404':
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/CustomerTokenInfo'
          description: Customer not found with provided ID or email
components:
  schemas:
    CustomerTokenInfo:
      properties:
        customerId:
          format: int64
          type: integer
        token:
          type: string
      type: object

````