x-session. More about this
Supported methods
List of all supported methods.
| Command | Endpoints | GET | PUT | POST | DELETE |
|---|---|---|---|---|---|
| Log in to customer account | account/login | ||||
| Enable stay logged in | account/autologin | ||||
| Create customer account | account/register | ||||
| Retrieve account data | account/get | ||||
| Log out customer account | account/logout | ||||
| Delete customer account | account/delete | ||||
| Delete customer account with opt-in code | account/deleteConfirm | ||||
| Add new address to customer account | account/address/create | ||||
| Edit an existing address | account/address/update | ||||
| Set address as main address | account/address/setMain | ||||
| List addresses of the customer account | account/address/list | ||||
| Retrieve a specific address | account/address/get | ||||
| Delete an address | account/address/delete | ||||
| Enable notification for “product back in stock” | account/backInStock/notify | ||||
| List all “product back in stock” notifications | account/backInStock/list | ||||
| Change display name for product reviews | account/displayName/update | ||||
| Change email address of customer account | account/email/update | ||||
| Verify email address of customer account | account/email/verify | ||||
| List all orders of the customer account | account/order/list | ||||
| Retrieve a specific order | account/order/get | ||||
| Change password of customer account | account/password/change | ||||
| Start password reset | account/password/forgotten | ||||
| Reset password | account/password/reset | ||||
Methods for the customer account
With these methods, the customer account in the shop is managed. They read out the data of the currently logged-in user (master data, address, customer data fields, login status) and log an account in with email address/password. Optionally, the “stay logged in” function can be activated by autologin token. In addition, new accounts can be registered and directly logged in. Existing sessions can be cleanly logged out. Customer accounts can also be deleted.
GET account/get
This call delivers the data of the currently logged-in customer account of the passed session. Typical use cases are the display of the account area (name, email address, display name) or a simple “logged in/logged out” check in the frontend.
Example call to get data of the currently logged-in customer account:
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Example response
POST account/login
This call logs in a customer account. If the passed credentials are correct, the active session is logged into the account. If autologin is enabled, the response contains an autologin token.
Example call that logs the customer account with the ID kundenkonto@example.com into the session
Example request
Example response
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
id | string | Required field Email address of the user account. |
password | string | Required field Password of the user account. |
autologin | enum | Controls auto-login. `all` = the user can log in again on this device without re-entering the password; `restricted` = autologin is active, but with additional rules (e.g. shorter session validity); `off` (default) = each session requires a regular login. |
Example response
Error codes
| Code | Description |
|---|---|
emailCheckFailed | The passed id is not a valid email address. |
loginBlocked | The account is temporarily blocked (e.g. due to too many login attempts). |
invalidCredentials | Email or password invalid. |
ipAddressBlocked | IP temporarily blocked due to too many failed attempts. |
POST account/autologin
This call enables the “stay logged in” function for the current session. This allows the user to log in again on this device in the future without re-entering the password.
Example call that enables autologin for the customer account with the ID 51
Example response
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
token | string | Required field Autologin token from POST /api/v1/account/login (when autologin = all/restricted). |
Error codes
| Code | Description |
|---|---|
invalidToken | The autologin token is invalid or expired. |
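The login and autologin calls above, sketched as client-side request builders plus a handler for the documented error codes. This is an added example, not code from the Storefront API documentation; the JSON body encoding, the parsed response shape `{ ok, data, error: { code } }` and the field name `autologinToken` are assumptions.

```javascript
// Added example. Hypothetical assumptions: JSON request bodies, a parsed
// response of the form { ok, data, error: { code } }, and the autologin
// token arriving as data.autologinToken.
const API_PREFIX = "/api/v1"; // prefix as written in the token description
const AUTOLOGIN_MODES = ["all", "restricted", "off"];

function postRequest(session, path, body) {
  if (!session) throw new Error("x-session is required");
  return {
    method: "POST",
    path: API_PREFIX + path,
    headers: { "x-session": session, "content-type": "application/json" },
    body: JSON.stringify(body),
  };
}

function buildLoginRequest(session, id, password, autologin = "off") {
  if (!id || !password) throw new Error("id and password are required");
  if (!AUTOLOGIN_MODES.includes(autologin)) {
    throw new Error("autologin must be all, restricted or off");
  }
  return postRequest(session, "/account/login", { id, password, autologin });
}

function buildAutologinRequest(session, token) {
  if (!token) throw new Error("token is required");
  return postRequest(session, "/account/autologin", { token });
}

// Decide what the client does next. `kind` is "login" or "autologin";
// `storedToken` is the autologin token kept on this device, or null.
// The token lets the device log in without the password, so it is stored
// and discarded with the same care as a credential.
function handleAuthResponse(kind, response, storedToken = null) {
  const result = (loggedIn, token, mayRetry, message) =>
    ({ loggedIn, token, mayRetry, message });

  if (response.ok) {
    // Only a login with autologin = all/restricted issues a token.
    const issued = (response.data && response.data.autologinToken) || null;
    return result(true, kind === "login" ? issued : storedToken, false, null);
  }
  switch (response.error && response.error.code) {
    case "invalidToken": // invalid or expired: drop it, ask for the password
      return result(false, null, false, "Please log in again.");
    case "loginBlocked":
    case "ipAddressBlocked": // temporary block: no automatic retries
      return result(false, storedToken, false, "Too many attempts. Try again later.");
    case "emailCheckFailed": // syntax problem only, safe to be specific
      return result(false, storedToken, true, "Enter a valid email address.");
    case "invalidCredentials":
      return result(false, storedToken, true, "Email or password invalid.");
    default: // unknown code: fail closed
      return result(false, storedToken, false, "Login failed.");
  }
}
```
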
POST account/register
This call creates a new customer account and logs the current session in directly with this account. This allows the user to continue immediately after registration.
Example call to create a new customer account with the email address kundenkonto@example.com and the password password123
Example request
Example response
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
email | string | Required field Email address for the new user account. |
password | string | Required field Password for the new user account. |
Example response
Error codes
| Code | Description |
|---|---|
emailCheckFailed | The specified email address is syntactically invalid. |
loginBlocked | The account / request is currently blocked. |
passwordCheckFailed | The password does not meet the security guidelines (too weak). |
accountAlreadyExists | An account with this email address already exists. |
POST account/logout
This call logs out the currently logged-in user.
Example response
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Error codes
| Code | Description |
|---|---|
| — | No error codes exist for this request, the action is always successful. |
DELETE account/delete
This call deletes the currently logged-in customer account. After successful execution, the session is ended and access to the account is removed. Note: deletion cannot be undone!
Example call to permanently delete the currently logged-in user account
doubleOptInEmail.enabled setting).
Example response
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Error codes
| Code | Description |
|---|---|
notLoggedIn | No user is logged in. |
actionNotAllowed | The passed opt-in token is not allowed for this action, e.g. because it was requested for a different action or is invalid. |
DELETE account/deleteConfirm
This call confirms the account deletion via opt-in token and permanently deletes the currently logged-in customer account. It is only used if account deletion via double opt-in is enabled in your shop. Without double opt-in, calling account/delete is sufficient.
Example call that confirms the deletion of the currently logged-in user account via opt-in token
Example request
Example response
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
otok | string | Required field Opt-in token from the confirmation email. |
Error codes
| Code | Description |
|---|---|
notLoggedIn | No user is logged in. |
actionNotAllowed | The passed opt-in token is not allowed for this action, e.g. because it was requested for a different action or is invalid. |
Methods for address management
With these methods, the addresses in the customer account can be managed. They list all available address fields and return the addresses belonging to the logged-in account or fetch an individual address by ID. New addresses can be created with all relevant fields, existing addresses can be specifically updated or marked as the main address. If needed, they can be deleted again.
GET account/address/fields
This call returns all available address fields. Using this information, address forms can be created in the frontend.
Example call that returns all available address fields
Parameter overview
| Parameter | Type | Description |
|---|---|---|
| — | — | No additional parameters. |
Example response
GET account/address/list
This call returns all saved addresses of the currently logged-in customer account, including the field values name, street, ZIP/city, and country code. The data can be used to display address overviews in the customer account.
Example call that returns all saved addresses of the currently logged-in user account
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Example response
GET account/address/get
The following call returns the specific address of the currently logged-in customer account based on its address ID. This can be used, for example, to display or pre-fill the address in the checkout.
Example call that returns the address with the ID 97 of the logged-in user account:
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
addressId | string | ID of the address to be retrieved. |
Example response
POST account/address/create
This call creates a new address for the currently logged-in customer account. It can be used, for example, as a billing or delivery address in the checkout.
Example call that creates a new address for the currently logged-in user account
Example request
If address is passed without specified parameters, the default values are taken over for all fields.
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
address | object | Required field Bundles the address data fields. |
additionalInfo | string | Additional info on the address (e.g. floor). |
businessFax | string | Business fax. |
businessPhone | string | Business phone. |
city | string | City |
company | string | Company / business |
country | string | Country code (e.g. DE ) |
custom | object | Free additional fields (configurable with accounts.customAddressField) |
dateOfBirth | string | Date of birth |
department | string | Department (business) |
fax | string | Private fax |
firstName | string | First name |
lastName | string | Last name |
mobilePhone | string | Mobile number |
phone | string | Landline number |
state | string | State / region |
street | string | Street |
streetNumber | string | House number |
taxId | string | Tax/VAT ID |
zip | string | Postal code |
Example response
Error codes
| Code | Description |
|---|---|
notLoggedIn | The session is not logged into any account (possibly missing/invalid x-session) |
emptyAddress | The address field is missing or empty. |
unknownField | No address field exists with the specified name. |
invalidFieldType | An address field has an invalid data type (e.g. number instead of string) |
POST account/address/setMain
This request sets an existing address of the currently logged-in customer account as the main address, for example as the default for billing or shipping.
Example call that sets the address with the ID 97 as the main address for the currently logged-in customer account
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
addressId | string | ID of the address to be set as the main address. |
Example response
Error codes
| Code | Description |
|---|---|
notLoggedIn | The session is not logged into any account. (missing / invalid x-session) |
invalidAddressId | The specified address ID is invalid. |
PUT account/address/update
This call lets you update an existing address of the currently logged-in customer account. It is not necessary to fill out all fields; fields that are not filled out remain unchanged. It can be used, for example, to correct an address for shipping or billing.
Example call that changes the first and last name of the address with the ID 97 for the currently logged-in customer account
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
address | object | Required field Bundles the address data fields. |
additionalInfo | string | Additional info on the address (e.g. floor). |
businessFax | string | Business fax. |
businessPhone | string | Business phone. |
city | string | City |
company | string | Company / business |
country | string | Country code (e.g. DE ) |
custom | object | Free additional fields (configurable with accounts.customAddressField) |
dateOfBirth | string | Date of birth |
department | string | Department (business) |
fax | string | Private fax |
firstName | string | First name |
lastName | string | Last name |
mobilePhone | string | Mobile number |
phone | string | Landline number |
state | string | State / region |
street | string | Street |
streetNumber | string | House number |
taxId | string | Tax/VAT ID |
zip | string | Postal code |
Example response
Error codes
| Code | Description |
|---|---|
invalidAddressId | The specified address ID is invalid. |
emptyAddress | The address field is missing or empty. |
unknownField | No address field exists with the specified name. |
invalidFieldType | An address field has an invalid data type (e.g. number instead of string) |
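A client-side pre-check for the `address` object used by account/address/create and account/address/update, reporting problems with the same codes as the error tables above. This is an added example, not the shop's own validation; nesting the fields under `address` in a JSON body is an assumption, and the server remains the authority on what it accepts.

```javascript
// Added example. Field names are taken from the body parameter tables above;
// every field is a string except `custom`, which is an object.
const ADDRESS_FIELDS = [
  "additionalInfo", "businessFax", "businessPhone", "city", "company",
  "country", "dateOfBirth", "department", "fax", "firstName", "lastName",
  "mobilePhone", "phone", "state", "street", "streetNumber", "taxId", "zip",
];

function isPlainObject(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

// Returns a list of { field, code } problems; an empty list means the
// address only contains documented fields with the documented types.
function validateAddress(address) {
  if (!isPlainObject(address)) {
    return [{ field: "address", code: "emptyAddress" }];
  }
  const problems = [];
  // Object.entries only sees own properties, so a key such as "__proto__"
  // coming out of JSON.parse is reported as unknown instead of being trusted.
  for (const [name, value] of Object.entries(address)) {
    if (name === "custom") {
      if (!isPlainObject(value)) {
        problems.push({ field: name, code: "invalidFieldType" });
      }
    } else if (!ADDRESS_FIELDS.includes(name)) {
      problems.push({ field: name, code: "unknownField" });
    } else if (typeof value !== "string") {
      problems.push({ field: name, code: "invalidFieldType" });
    }
  }
  return problems;
}

// Builds the JSON body (assumed shape: { address: {...} }) or throws with
// the list of problems attached, so nothing unchecked is sent.
function buildAddressBody(address) {
  const problems = validateAddress(address);
  if (problems.length > 0) {
    const summary = problems.map((p) => `${p.field}: ${p.code}`).join(", ");
    const error = new Error(`address rejected (${summary})`);
    error.problems = problems;
    throw error;
  }
  return JSON.stringify({ address });
}
```
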
DELETE account/address/delete
This call deletes an existing address of the currently logged-in customer account.
Example call that deletes the address with the ID 97 for the currently logged-in customer account
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
addressId | string | ID of the address to be deleted. |
Example response
Error codes
| Code | Description |
|---|---|
notLoggedIn | The session is not logged into any account. (missing / invalid x-session) |
invalidAddressId | The specified address ID is invalid. |
Methods for notifications
With these methods, “product back in stock” notifications in the customer account can be managed. They read out all notifications stored for the logged-in customer account, create new notifications for a combination of email address and product, and delete existing notifications again.
GET account/backInStock/list
The following call lists all “product back in stock” notifications that are enabled for the account. It can be used to make them available for the customer in the customer account.
Example call that lists all “product back in stock” notifications of the currently logged-in customer account
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Example response
POST account/backInStock/notify
This call sets up a “product back in stock” notification for the logged-in account. As soon as the item is back in stock, an email is sent to the specified address.
Example call that creates a “product back in stock” notification for the product with the ID 12345. The notification is sent to the email address <EMAIL>
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
email | string | Required field Email address to which the notification should be sent. |
productId | string | Required field ID of the product to be notified about. |
Error codes
| Code | Description |
|---|---|
notLoggedIn | The session is not logged into any account. (missing / invalid x-session) |
notAllowed | The feature is deactivated in the configuration. (Configuration of the content.inventory field under backInStock.allow) |
missingInventoryState | The product has no stock. |
entryExists | A notification already exists for the same combination of productId and email. |
DELETE account/backInStock/notify
This call deletes the “product back in stock” notification created for the logged-in account.
Example call that deletes a “product back in stock” notification for the product with the ID 12345 and the email address <EMAIL>
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
email | string | Required field Email address for which the notification is set up. |
productId | string | Required field ID of the product for which the notification should be deleted. |
Error codes
| Code | Description |
|---|---|
notLoggedIn | The session is not logged into any account. (missing / invalid x-session) |
notAllowed | The feature is deactivated in the configuration. |
missingInventoryState | The product has no stock. |
Further methods for customer data
With these methods, the customer account is extended with central self-service functions. Users can view their order history paginated or specifically retrieve individual orders along with their positions, addresses, and payment and shipping details. In addition, you can change the public display name for product reviews and the email address of the account. If needed, a subsequent confirmation by opt-in token is required. The complete lifecycle of passwords is covered: from changing the password while logged in (including optional verification of the current email address and/or the previous password) to the “forgot password” process with recovery email and subsequent reset via an opt-in token.
GET account/order/list
This call displays the order history of the currently logged-in customer account. It can be used for the “My orders” page in the customer account. Via the query parameters page and size, pagination can be controlled (e.g. page 1 with ten entries). This way, orders can be loaded page by page and conveniently displayed.
Example call that displays the order history of page 1 with 10 entries of the currently logged-in customer account
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
page | int | Required field Specifies which page of the order listing should be output. The parameter must be greater than or equal to 1. |
size | int | Required field Specifies how many orders should be displayed per page. A number between 1 and 100 is allowed. |
order | string | Sorting (ID from general.order), leave empty for default sorting. |
Example response
GET account/order/get
This call retrieves the details of a specific order of the currently logged-in customer account, for example for the order detail page.
Example call that retrieves the details for the order with the ID 4869 for the currently logged-in customer account
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
orderId | string | ID of the order to be retrieved. |
Example response
POST account/displayName/update
This call lets you change the public display name of the currently logged-in customer account. This is the name shown next to the customer's product reviews.
Example call that changes the public display name of the currently logged-in user account to Name
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
displayName | string | Required field New display name for reviews. |
Example response
Error codes
| Code | Description |
|---|---|
notLoggedIn | No user is logged in. |
POST account/email/update
The following call can be used to change the email address of the logged-in account. Depending on the configuration, an email verification may then be triggered.
Example call that changes the email address for the currently logged-in user account to neue.adresse@example.com
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
email | string | New email address. |
Error codes
| Code | Description |
|---|---|
emailCheckFailed | The specified email has an invalid format. |
accountAlreadyExists | An account with this email address already exists. |
POST account/email/verify
The following call confirms the email address using the opt-in token from the confirmation email.
Example call that verifies the email address using the opt-in token <OPT_IN_TOKEN>
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
otok | string | Opt-in token from the confirmation email. Can be a required field or optional. For more information, see the note above. |
Example response
Error codes
| Code | Description |
|---|---|
actionNotAllowed | The transmitted opt-in token is invalid. |
POST account/password/change
This call changes the password of the currently logged-in account. Depending on the shop configuration, the entry of the current password may be required and/or an email confirmation may be triggered.
Example call to set a new password (<NEW_PASSWORD>) for the current user account
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
newPassword | string | Required field The desired new password for the user account. |
email | string | The email address of the account for which the password is to be changed. Only required if specified in the configuration. |
passwordAuth | string | Only required if specified in the configuration. |
Example response
Error codes
| Code | Description |
|---|---|
notLoggedIn | The session is not logged in. (missing / invalid x-session) |
emailMismatch | The specified email address does not match the account. |
missingEmail | Email verification has been enabled in the configuration, but email is missing in the request. |
failedPasswordAuth | The entered password is incorrect. |
missingPasswordAuth | Verification of the current password is enabled in the configuration, but passwordAuth is missing in the request. |
passwordCheckFailed | The new password does not meet the minimum standards. (e.g. length / complexity) |
POST account/password/forgotten
The following call starts the password reset for the specified email address (an email with further information on the procedure is sent).
Example call that sends the “forgot password” link to the email address kunde@example.com
Example request
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
email | string | Required field Email address of the account. |
Error codes
| Code | Description |
|---|---|
emailCheckFailed | The specified email address has an invalid format. |
passwordRecoveryFailed | No account was found for the specified email address. |
POST account/password/reset
The following call can be used to reset the password using the opt-in token from the “forgot password” email.
Example call that confirms the password reset for the customer account with the email address kundenkonto@example.com and sets password as the new password
Example response
Parameter overview
Header parameters
| Parameter | Description |
|---|---|
x-session | Required field ID of the current session. More information: Storefront API Basics |
Body parameters
| Parameter | Type | Description |
|---|---|---|
newPassword | string | Required field The desired new password. |
otok | string | Required field Opt-in token from the “forgot password” email. |
email | string | Only required if email verification is enabled in the configuration. |
Error codes
| Code | Description |
|---|---|
notLoggedIn | The specified opt-in token is invalid or expired. |
emailMismatch | The specified email address does not match the account. |
missingEmail | Email verification is enabled in the configuration, but email was not transmitted as a parameter. |
passwordCheckFailed | The new password does not meet the guidelines. |
