The Customer API is used to build bespoke interfaces to allow customers to manage their stored payment methods and subscriptions.
It's designed to be called from within the context of a customer logged in to their Shopify account, either from a browser or other client (such as a mobile app).
The API follows the JSON API Specification, and provide endpoints for retrieving, creating and updating stored payment methods, subscriptions, and individual subscription orders.
Instructions and code examples for using the Submarine.js client library are available on Github.
Because the API is returning sensitive customer information (a list of their stored payment methods, saved subscriptions, and the contents of those subscriptions), authentication in required to retrieve or update any customer information.
Requests to the API are authenticated by providing three parameters in the querystring of all HTTP requests:
shop - the Shopify domain of the current store, eg example.myshopify.com;
timestamp - a UNIX timestamp of when the request was generated;
signature - a SHA256 HMAC signature generated from the ID of the logged in customer, the timestamp value, and a secret key made available to your theme via a shop-level metafield shop.metafields.submarine.customer_api_secret.
For other clients, such as mobile apps, these values should be generated within your application code before making calls.
An example authenticated API request to fetch the list of payment methods for the current customer (with an ID of 82500043234) may therefore look like the following:
For brevity, we omit these authentication parameters from the endpoint documentation below, but note that they are required for all requests.