External (0.0.1)

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude
• Connect to Cursor

  Install MCP server on Cursor
• Connect to VS Code

  Install MCP server on VS Code

Generates a secure, time-limited magic link that allows customers to access and manage their subscriptions. This passwordless authentication link directs customers to the subscription management portal.

Magic Link Features:

• Passwordless Access: No login credentials required, link serves as authentication
• Time-Limited: Link expires after configured duration (typically 24-72 hours)
• Single Customer: Link is bound to specific customer ID, cannot be reused for others
• Secure Token: Uses cryptographically secure JWT tokens for authentication
• Customer Portal: Directs to full-featured self-service subscription portal

Returned Information:

• Magic Link URL: Full URL to customer portal with embedded authentication token
• Token: JWT token value (can be used separately if needed)
• Expiration Time: When the magic link will expire (ISO 8601 format)
• Customer ID: Shopify customer ID the link is generated for
• Shop Domain: Store domain where subscriptions are hosted

Customer Portal Capabilities (via Magic Link):

• View all active and paused subscription contracts
• Update shipping address for upcoming deliveries
• Change payment method for future billing
• Pause or resume subscription deliveries
• Skip upcoming delivery orders
• Modify delivery frequency (e.g., monthly to bi-monthly)
• Add or remove products from subscription
• Swap product variants (size, flavor, color)
• Cancel subscription with reason feedback
• View order history and upcoming deliveries
• Apply discount codes to subscription

Common Use Cases:

• Send magic link via email for customer self-service
• Include link in transactional emails (order confirmation, shipping notices)
• Customer support: provide link to customers over phone/chat
• Embed link in customer account page or dashboard
• Automated email campaigns for subscription management reminders
• Post-purchase flows to encourage subscription modifications
• Win-back campaigns: send magic link to cancelled/paused customers

Security Notes:

• Links are single-use per session (new token generated each time)
• Tokens include shop and customer validation to prevent tampering
• Expired links automatically redirect to token request page
• Links should be sent via secure channels (HTTPS, encrypted email)

Integration Best Practices:

• Always send magic links via email or SMS (don't display on public pages)
• Set appropriate expiration time based on use case
• Include clear call-to-action in emails ("Manage Your Subscription")
• Handle expired tokens gracefully with re-send functionality
• Track magic link generation for security audit logs

Authentication: Requires API key authentication via X-API-Key header or api_key parameter

Generates an authentication token for customer portal access using either customer ID or email address. This token can be used to create magic links or authenticate API requests on behalf of a customer.

Key Features:

• Flexible Lookup: Find customer by Shopify customer ID OR email address
• JWT Token: Returns cryptographically secure JSON Web Token
• Portal Access: Token grants access to customer subscription management portal
• API Authentication: Can be used in subsequent API calls for customer-specific operations
• Time-Limited: Token expires after configured duration (default: 24-72 hours)

Request Parameters: Provide either customerId OR email (not both):

• customerId: Shopify customer ID (numeric string, e.g., "6789012345")
• email: Customer's email address as registered in Shopify

Response Contains:

• customerId: Shopify customer ID associated with the token
• token: JWT authentication token for portal access
• shop: Store domain the customer belongs to
• expiresAt: Token expiration timestamp (ISO 8601)

Common Use Cases:

• Generate token to construct customer portal magic links
• Authenticate customer in headless commerce implementations
• Validate customer identity before allowing subscription changes
• Create custom portal integrations with embedded authentication
• Server-side customer lookup when only email is available
• Build custom subscription management UIs with API authentication
• Integrate with external CRM systems requiring customer tokens

Token Usage: Once generated, the token can be:

1. Embedded in magic link URLs: https://portal.example.com?token={token}
2. Used as Bearer token in Authorization headers for API calls
3. Stored temporarily for customer session management
4. Passed to frontend applications for customer-specific operations

Security Best Practices:

• Never expose tokens in client-side logs or browser storage
• Transmit tokens only over HTTPS
• Implement token rotation for long-lived sessions
• Validate token expiration before use
• Revoke tokens when customer logs out or changes credentials

Error Handling:

• If neither customerId nor email is provided, returns 400 Bad Request
• If both customerId and email are provided, customerId takes precedence
• If customer not found, returns 404 Not Found
• Invalid email format returns 400 Bad Request

Authentication: Requires API key authentication via X-API-Key header or api_key parameter