GraphQL Storefront API: Customers
GraphQL Storefront API: Customers
BigCommerce’s GraphQL Storefront API Customers powers access to customer objects such as the ability to update a customer, get a customer address book, reset a password, and more. Developers can use GraphQL Storefront API to create an end-to-end shopper experience and manage some customer account use cases.
Customer mutations and queries can do the following:
- Register a customer
- Update a customer
- Add a customer address
- Update a customer address
- Delete a customer address
- Change a customer password
- Request a password reset
- Reset a password
- Get a customer address book
- Get a customer’s stored payment instruments
When you register, change, or reset a password, you can validate it using the password complexity requirements under the CustomersSettings node before submitting the desired password to the BigCommerce platform.
Tokens
To make requests, create a store-level or app-level API account with one or more of the following token creation OAuth scopes:
No additional scopes are required to use the GraphQL Storefront API. For more information, see token creation OAuth scopes.
To authenticate calls to the GraphQL Storefront API, your application can generate a bearer token. This can be done by using either the Create a storefront token or the Create a customer impersonation token REST endpoint. On a Stencil storefront, you can also access a token directly from the page context. Learn more about Using auto-generated tokens in Stencil themes.
For more information, see Creating a token in the GraphQL Storefront API Overview and Dynamic tokens in the Authentication and Example Requests article.
reCAPTCHA
Captcha is not required when the reCAPTCHA is disabled in the control panel. Be sure to use a valid user verification response reCAPTCHA token if reCAPTCHA is enabled.
Customer impersonation tokens do not require the use of reCAPTCHA even when the reCAPTCHA setting is enabled. You can bypass the reCAPTCHA and it will still function. Note, if reCAPTCHA is provided it must be valid, otherwise it will be rejected.
Example queries and mutations
Register a customer
Register a customer using the form field configuration set up in the control panel for both the account signup and address fields.
Request
Response
Update a customer
Update customer information, except for password and address. Use either resetPassword, or changePassword to reset or update the user password.
Request
Response
Add a customer address
The BigCommerce platform can support and store plenty of addresses per customer. Use the addCustomerAddress to include multiple addresses to the customer account. Similar to registerCustomer, add CustomerAddress using the form field configuration set up in the control panel for address fields.
Request
Response
Update a customer address
Use this updateCustomerAddress mutation when a customer needs to make changes to an address associated with their account.
Request
Response
Delete a customer address
Use this delete mutation when a customer needs to delete an address associated with their account.
Request
Response
Change a customer password
Use the changePassword mutation in cases where the customer needs to update their password. The user must know their current password in order to complete the change.
Request
Request a password reset
A customer can request a password reset using the requestResetPassword mutation example as seen below.
Request
Response
Reset a password
When a customer needs a password reset, use the resetPassword example mutation to complete the reset.
Request
Get a customer address book
Use this query to view all the addresses a customer has added to their account.
Request
Get a customer’s stored payment instruments
Use the storedPaymentInstruments field on the Customer type to list the payment instruments a customer has saved, such as cards, PayPal accounts, and bank accounts.
This field requires a valid customer JWT. Use a customer impersonation token, or a token retrieved while a customer is logged in to the storefront. For unauthenticated requests, the parent customer query resolves to null, so no instruments are returned.
The connection returns one StoredPaymentInstrument per edge. Each instrument’s details field is a StoredPaymentInstrumentDetails union — use inline fragments (... on StoredCard, ... on StoredPaypalAccount, ... on StoredBankAccount) to select the type-specific fields. The connection also exposes defaultStoredPaymentInstrumentToken, the token of the customer’s default instrument when one is set.
The connection follows the Relay cursor connection spec. Page through results with the first/after (forward) or last/before (backward) arguments, and read pageInfo to determine whether more pages are available and which cursors to request next. Each edge’s cursor is the value to pass to after (or before) to continue paging from that instrument.
To narrow the result set to specific payment methods, pass the filters argument with one or more paymentMethodIds (for example, ["braintree.credit_card", "braintree.paypal"]). An empty or omitted list returns all instruments.
The example below requests the first 10 instruments after a given cursor, filtered to cards and PayPal accounts, and selects the full set of fields available on each instrument type.
Request
Response
Join our Developer community to share your feedback with us in the BigCommerceDevs Slack or on our Discord server.
Resources
Documentation
- GraphQL Storefront API overview
- Guide to API Accounts: Store-level API accounts
- Guide to API accounts: OAuth token creation scopes
- Authentication and example requests: BigCommerce-generated JWTs