> ## Documentation Index
> Fetch the complete documentation index at: https://developers.appstle.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Initiate Customer Account API OAuth flow

> Initiates the OAuth 2.0 authorization flow for Shopify's Customer Account API. This endpoint is used when a customer wants to grant the subscription app access to their Shopify customer account data.

**What is Customer Account API?**
Shopify's Customer Account API allows apps to access customer data (orders, addresses, payment methods) on behalf of the customer. This requires customer consent through an OAuth flow.

**How it works:**
1. Customer portal calls this endpoint with a return URL
2. Backend generates PKCE challenge and state parameter
3. Returns authorization URL to redirect customer to Shopify
4. Customer authorizes on Shopify
5. Shopify redirects back to callback endpoint with authorization code
6. Callback endpoint exchanges code for access token

**Important Notes:**
- Requires customer to be logged in to the Shopify store
- Only works with stores that have 'New Customer Accounts' enabled
- Uses PKCE (Proof Key for Code Exchange) for security
- State parameter prevents CSRF attacks
- Access tokens are stored securely and used for subsequent Customer Account API calls

**Authentication:** Customer must be logged in via Shopify customer session



## OpenAPI

````yaml /subscription/storefront-api-swagger.json post /subscriptions/cp/api/customer-account-api/initiate
openapi: 3.0.1
info:
  description: >-
    Comprehensive API documentation for the customer-facing subscription portal.
    These APIs enable customers to manage their subscriptions, update billing
    information, modify delivery schedules, and access their account details
    through your storefront.


    **Important**: These APIs must be called from your shop's domain (e.g.,
    https://www.myshop.com/apps/subscriptions/cp/api/**) and require customer
    authentication. Unauthenticated requests will return a 401 Unauthorized
    error.
  title: Storefront APIs
  version: 0.0.1
servers:
  - url: https://www.myshop.com/apps
security: []
tags:
  - description: >-
      Core customer portal APIs for managing customer account settings,
      authentication, and portal configurations.
    name: Customer Portal
  - description: >-
      APIs for customers to view and manage their subscription contracts
      including status updates, frequency changes, and cancellations.
    name: Subscription Management
  - description: >-
      APIs for retrieving and updating subscription contract details — delivery
      schedules, line items, addresses, billing cycles.
    name: Subscription Contracts
  - description: >-
      APIs for retrieving available subscription plans and selling plan
      configurations exposed to customers.
    name: Subscription Plans
  - description: >-
      APIs for managing one-time add-on products that can be purchased alongside
      recurring subscription items.
    name: Subscription One-Time Products
  - description: >-
      APIs for retrieving aggregated subscription data and account-level
      subscription information for the signed-in customer.
    name: Subscription Data
  - description: >-
      APIs for managing customizable product boxes and bundles where customers
      can select multiple items.
    name: Build-a-Box & Bundles
  - description: >-
      APIs for managing payment methods, billing information, and processing
      subscription payments.
    name: Billing & Payments
  - description: >-
      APIs for retrieving product information, selling plans, variant data, and
      subscription-enabled products available to customers.
    name: Product Catalog
  - description: >-
      APIs for managing delivery schedules, shipping addresses, delivery
      methods, and tracking order status.
    name: Delivery & Shipping
  - description: >-
      APIs for handling subscription cancellations, retention activities, and
      customer feedback management.
    name: Customer Retention
  - description: >-
      APIs for integrating loyalty programs with subscriptions including points
      redemption and earning options.
    name: Loyalty Integration
  - description: >-
      APIs for accessing portal customization settings, translations, and theme
      configurations.
    name: Customization
  - description: >-
      APIs for retrieving promotional campaigns shown in the customer portal,
      tracking banner engagement, and redeeming campaign offers.
    name: Campaigns
  - description: >-
      APIs for local pickup and click-and-collect — listing pickup locations and
      resolving eligible pickup dates and time slots.
    name: Store Pickup
paths:
  /subscriptions/cp/api/customer-account-api/initiate:
    post:
      tags:
        - Customer Portal
      summary: Initiate Customer Account API OAuth flow
      description: >-
        Initiates the OAuth 2.0 authorization flow for Shopify's Customer
        Account API. This endpoint is used when a customer wants to grant the
        subscription app access to their Shopify customer account data.


        **What is Customer Account API?**

        Shopify's Customer Account API allows apps to access customer data
        (orders, addresses, payment methods) on behalf of the customer. This
        requires customer consent through an OAuth flow.


        **How it works:**

        1. Customer portal calls this endpoint with a return URL

        2. Backend generates PKCE challenge and state parameter

        3. Returns authorization URL to redirect customer to Shopify

        4. Customer authorizes on Shopify

        5. Shopify redirects back to callback endpoint with authorization code

        6. Callback endpoint exchanges code for access token


        **Important Notes:**

        - Requires customer to be logged in to the Shopify store

        - Only works with stores that have 'New Customer Accounts' enabled

        - Uses PKCE (Proof Key for Code Exchange) for security

        - State parameter prevents CSRF attacks

        - Access tokens are stored securely and used for subsequent Customer
        Account API calls


        **Authentication:** Customer must be logged in via Shopify customer
        session
      operationId: initiateOAuth
      requestBody:
        content:
          application/json:
            examples:
              Initiate OAuth Request:
                description: Initiate OAuth Request
                value:
                  returnUrl: https://myshop.com/account/subscriptions
            schema:
              $ref: '#/components/schemas/InitiateOAuthRequest'
        description: OAuth initiation request with return URL
        required: true
      responses:
        '200':
          content:
            application/json:
              examples:
                Success Response:
                  description: Success Response
                  value:
                    authorizationUrl: >-
                      https://shopify.com/12345/auth/oauth/authorize?client_id=...
                    state: random-state-value-for-csrf-protection
          description: OAuth flow initiated successfully
        '401':
          content:
            '*/*':
              schema:
                additionalProperties:
                  type: object
                type: object
          description: Customer not logged in
        '503':
          content:
            application/json:
              example:
                error: oidc_discovery_failed
                message: >-
                  Customer Account API is not available for this shop. Please
                  ensure New Customer Accounts is enabled.
          description: >-
            Customer Account API not available - New Customer Accounts not
            enabled
components:
  schemas:
    InitiateOAuthRequest:
      properties:
        returnUrl:
          type: string
      type: object

````