# Generate customer portal authentication token

Generates an authentication token for customer portal access using either customer ID or email address. This token can be used to create magic links or authenticate API requests on behalf of a customer.

Key Features:

- Flexible Lookup: Find customer by Shopify customer ID OR email address
- JWT Token: Returns cryptographically secure JSON Web Token
- Portal Access: Token grants access to customer subscription management portal
- API Authentication: Can be used in subsequent API calls for customer-specific operations
- Time-Limited: Token expires after configured duration (default: 24-72 hours)

Request Parameters:

Provide either customerId OR email (not both):

- customerId: Shopify customer ID (numeric string, e.g., "6789012345")
- email: Customer's email address as registered in Shopify

Response Contains:

- customerId: Shopify customer ID associated with the token
- token: JWT authentication token for portal access
- shop: Store domain the customer belongs to
- expiresAt: Token expiration timestamp (ISO 8601)

Common Use Cases:

- Generate token to construct customer portal magic links
- Authenticate customer in headless commerce implementations
- Validate customer identity before allowing subscription changes
- Create custom portal integrations with embedded authentication
- Server-side customer lookup when only email is available
- Build custom subscription management UIs with API authentication
- Integrate with external CRM systems requiring customer tokens

Token Usage:

Once generated, the token can be:

1. Embedded in magic link URLs: `https://portal.example.com?token={token}`
2. Used as Bearer token in Authorization headers for API calls
3. Stored temporarily for customer session management
4. Passed to frontend applications for customer-specific operations

Security Best Practices:

- Never expose tokens in client-side logs or browser storage
- Transmit tokens only over HTTPS
- Implement token rotation for long-lived sessions
- Validate token expiration before use
- Revoke tokens when customer logs out or changes credentials

Error Handling:

- If neither customerId nor email is provided, returns 400 Bad Request
- If both customerId and email are provided, customerId takes precedence
- If customer not found, returns 404 Not Found
- Invalid email format returns 400 Bad Request

Authentication: Requires API key authentication via X-API-Key header or api_key parameter

Endpoint: GET /api/external/v2/customer-portal-token

Version: 0.0.1

## Query parameters:

- `api_key` (string) API Key (Deprecated - Use Header X-API-Key instead)
- `customerId` (string) Shopify customer ID (provide either customerId OR email) Example: 6789012345
- `email` (string) Customer email address (provide either customerId OR email) Example: "customer@example.com"

## Header parameters:

- `X-API-Key` (string)

## Response 200 fields (application/json):

- `customerId` (integer)
- `token` (string)

## Response 400 fields (*/*):

- `customerId` (integer)
- `token` (string)

## Response 401 fields (*/*):

- `customerId` (integer)
- `token` (string)

## Response 404 fields (*/*):

- `customerId` (integer)
- `token` (string)
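
The request and token handling described above (API key in the `X-API-Key` header, one lookup parameter, expiry check before use, magic link construction), as an added Python example that is not part of this API's own documentation or SDK. The host `subscriptions.example.invalid`, the function names, and the presence of `expiresAt` in the 200 body (as the description states) are assumptions.

```python
import json
import re
import urllib.parse
import urllib.request
from datetime import datetime, timezone

API_BASE = "https://subscriptions.example.invalid"  # placeholder host (assumption)
ENDPOINT = "/api/external/v2/customer-portal-token"  # path from the page
PORTAL = "https://portal.example.com"  # sample portal URL from the page


def build_request(api_key, customer_id=None, email=None):
    """Build the GET request with the API key in X-API-Key, never in the URL."""
    if (customer_id is None) == (email is None):
        raise ValueError("provide exactly one of customer_id or email")
    if customer_id is not None and not re.fullmatch(r"[0-9]+", str(customer_id)):
        raise ValueError("customerId must be a numeric string")
    lookup = {"email": email} if customer_id is None else {"customerId": str(customer_id)}
    url = f"{API_BASE}{ENDPOINT}?{urllib.parse.urlencode(lookup)}"
    return urllib.request.Request(url, headers={"X-API-Key": api_key})


def parse_token_response(body, now=None):
    """Parse the 200 body; refuse a missing token or one that has already expired."""
    data = json.loads(body)
    if not data.get("token") or not data.get("expiresAt"):
        raise ValueError("response lacks token or expiresAt")
    expires = datetime.fromisoformat(data["expiresAt"].replace("Z", "+00:00"))
    if expires.tzinfo is None:  # assumption: a zone-less timestamp is UTC
        expires = expires.replace(tzinfo=timezone.utc)
    if expires <= (now or datetime.now(timezone.utc)):
        raise ValueError("token has expired")
    return data


def fetch_token(api_key, opener=urllib.request.urlopen, **lookup):
    """Call the endpoint over HTTPS and return the validated response dict."""
    with opener(build_request(api_key, **lookup), timeout=10) as resp:
        return parse_token_response(resp.read())


def magic_link(token):
    """Build the portal link with the token URL-encoded as a query value."""
    return f"{PORTAL}?{urllib.parse.urlencode({'token': token})}"


def redact(token):
    """Log-safe stand-in: the token value itself is never written to logs."""
    return f"<token:{len(token)} chars>"
```

Rejecting a request that carries both `customerId` and `email` on the client side avoids depending on the server's precedence rule, and keeping the API key in a header keeps it out of URLs that proxies and access logs record.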