Passwordless Customer Login

Logging in customers via email link

Your application can send shoppers a one-time link via email that will sign them in to their storefront account.

Use cases for this include:

  • Reducing friction for customers, allowing them to proceed without needing to reset their passwords
  • Providing an alternate method for signing in customers versus using the Customer Login API

Sending the request

Send a POST request to {store-url}/login.php?action=passwordless_login

The request body should include:

  • email: The customer's email address. This email address is where they will receive the one-time login link.
  • redirect_url: The URL of the page where you want to redirect customers once they are logged in. This URL must be on the same domain as the store.

Example

    {
      "email": "jane_doe@example.com",
      "redirect_url": "/checkout"
    }

Redirect URL

If the request body does not include a redirect_url, customers will be redirected as follows:

  • Failed sign-in: Sign-in page
  • Successful sign-in: User account page

Response

Upon receiving a successful POST request, BigCommerce will send a response that contains:

  • expiry: The time in seconds during which the login link is valid.
  • sent_email: A value of sign_in indicates that BigCommerce sent the login link to the customer at the email address provided. A value of password_reset means that the customer requested a sign-in link, but BigCommerce sent a reset password email instead. BigCommerce sends the email immediately upon receiving the POST request.

Example

    {
      "expiry": 900,
      "sent_email": "sign_in"
    }

Email text

The customer will receive an email with the following subject line:

**{Store name} - Log in to your account**

The body of the email contains the following:

Please click the link below to sign in to your account with {store name}.
 
You have requested a sign-in link. Please click here to sign in and continue.
 
Alternatively, paste the following link in your browser:
https://store-url/login.php?action=check_passwordless_login&token={token}&redirectUrl={redirect_URL}
 
This login is for {Store name} if you did not request this link, please ignore this email. Your account is still secure.

This email uses the same email templates as other emails in your store.

Other status codes:

429: Too many requests, request was rate limited

404: Provided email does not belong to a customer
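
The following is an added example, not BigCommerce's own code: a server-side helper that rejects any redirect_url that does not resolve to the store's own origin before sending the request, and maps the documented outcomes (sign_in, password_reset, 404, 429) to what the shopper is shown, using one message for success and 404 so the form does not reveal which addresses are registered. The store URL, the JSON content type, the message wording and all function names are assumptions of this example.

```python
import json
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit
from urllib.request import Request, urlopen

STORE_URL = "https://store.example.com"  # placeholder store URL (assumption)
UNIFORM = "If an account exists for that address, an email is on its way."

def same_store_redirect(store_url, redirect_url):
    """Return redirect_url if it resolves to the store's own origin, else None."""
    # Browsers treat "\" like "/" and strip whitespace/control characters, so refuse them.
    if "\\" in redirect_url or any(c <= " " for c in redirect_url):
        return None
    try:
        store, target = urlsplit(store_url), urlsplit(urljoin(store_url, redirect_url))
        same = (store.scheme, store.hostname, store.port) == \
               (target.scheme, target.hostname, target.port)
    except ValueError:  # malformed port or netloc
        return None
    return redirect_url if same else None

def build_body(email, redirect_url=None):
    if redirect_url is None:  # optional: the store then applies its default redirects
        return {"email": email}
    if same_store_redirect(STORE_URL, redirect_url) is None:
        raise ValueError("redirect_url must be on the store's own domain")
    return {"email": email, "redirect_url": redirect_url}

def interpret(status, payload):
    """Map documented outcomes to (internal outcome for logs, message for the shopper)."""
    if status == 429:
        return "rate_limited", "Too many attempts. Please try again later."
    if status == 404:  # same wording as success, so the UI does not reveal registration
        return "unknown_email", UNIFORM
    if 200 <= status < 300 and payload.get("sent_email") in ("sign_in", "password_reset"):
        return payload["sent_email"], UNIFORM
    return "error", "Something went wrong. Please try again."

def http_post(url, body):
    req = Request(url, data=json.dumps(body).encode(), method="POST",
                  headers={"Content-Type": "application/json"})  # assumed content type
    try:
        with urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except HTTPError as err:
        return err.code, {}

def request_login_link(email, redirect_url=None, send=http_post):
    url = f"{STORE_URL}/login.php?action=passwordless_login"
    return interpret(*send(url, build_body(email, redirect_url)))
```

The internal outcome (first element of the returned pair) is meant for logging and metrics only; the second element is the text to display.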