Start customer login
Public storefront endpoint. If the store can complete login directly, a successful credential check returns customer JWT tokens. If the store requires OTP, a successful credential check sends the one-time code and returns a message object so the frontend can show the OTP entry step.
Headers
Publishable storefront public API key for the target store. Page public API keys are not accepted on Storefront public routes.
Path Parameters
Store unique_id.
Body
Response
Customer login tokens, or an OTP challenge message when the store requires OTP.
- Option 1
- Option 2
Customer access JWT. Send it as Authorization: Bearer <token> to /v3/stores/{store_id}/customers/me/*.
Refresh token for POST /v3/stores/{store_id}/public/auth/jwt/refresh.
Token type to use in the Authorization header.
Bearer
Access token lifetime in seconds.
900
Refresh token lifetime in seconds. Refresh tokens rotate on every refresh and are single-use.
2592000
Public store unique ID returned by some OTP verification responses.
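Added example, not part of the original API reference: a client-side session handler that tells the two response options apart and honours single-use refresh token rotation by never sending the same refresh token twice, even when several requests hit an expired access token at once. The JSON field names (access_token, refresh_token, token_type, expires_in, message), the 30-second skew and the injected refreshFn are assumptions; the page does not list them.

```javascript
// Added example. Field names below are assumptions, not taken from the page.
// Option 1 (tokens) vs Option 2 (OTP challenge message).
function classifyLoginResponse(body) {
  if (body && typeof body.access_token === "string" &&
      typeof body.refresh_token === "string") {
    return { kind: "tokens", tokens: body };
  }
  if (body && body.message !== undefined) {
    return { kind: "otp_required", message: body.message };
  }
  throw new Error("unrecognised login response");
}

class CustomerSession {
  // refreshFn(refreshToken) resolves to a new token response; the caller wires
  // it to POST /v3/stores/{store_id}/public/auth/jwt/refresh.
  constructor(tokens, refreshFn, now = () => Date.now()) {
    this.refreshFn = refreshFn;
    this.now = now;
    this.inFlight = null;
    this.store(tokens);
  }

  store(t) {
    if (t.token_type !== "Bearer") throw new Error("unexpected token type");
    this.accessToken = t.access_token;
    this.refreshToken = t.refresh_token; // rotated: replaces the spent one
    this.accessExpiresAt = this.now() + t.expires_in * 1000;
  }

  // Authorization header value for /customers/me/* calls; refreshes when the
  // access token is within skewMs of expiry.
  async authHeader(skewMs = 30000) {
    if (this.now() + skewMs >= this.accessExpiresAt) {
      if (!this.inFlight) {
        const spent = this.refreshToken;
        if (!spent) throw new Error("login required");
        this.refreshToken = null; // single-use: never send it twice
        // Single-flight: concurrent callers share this one refresh.
        this.inFlight = this.refreshFn(spent)
          .then((t) => this.store(t))
          .finally(() => { this.inFlight = null; });
      }
      await this.inFlight;
    }
    return `Bearer ${this.accessToken}`;
  }
}
```

If a refresh attempt fails, the handler keeps no refresh token and the next call reports that a new login is required rather than retrying with a token that may already be spent.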

