Login

Authenticates a customer and returns a JWT access token + refresh token.

Dispatches by the provider field to a strategy registered in Spree.store_authentication_strategies. When provider is omitted it defaults to email, which uses the built-in email/password strategy.

To plug in a third-party identity provider (Auth0, Okta, Firebase, a custom JWT issuer, SAML, etc.), register a Spree::Authentication::Strategies::BaseStrategy subclass under a provider key, then send { "provider": "<your_key>", ... } with the fields your strategy requires. The endpoint returns the same Spree-issued JWT + refresh token regardless of which strategy authenticated the request.

POST

api

store

auth

Spree SDK

import { createClient } from '@spree/sdk'

const client = createClient({
  baseUrl: 'https://your-store.com',
  publishableKey: '<api-key>',
})

const auth = await client.auth.login({
  email: 'customer@example.com',
  password: 'password123',
})

{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX3R5cGUiOiJjdXN0b21lciIsImp0aSI6IjY0NjcwM2Q0LWY5ZjAtNDlmMi05ZmZkLTA3YTZhY2I5YWZkZiIsImlzcyI6InNwcmVlIiwiYXVkIjoic3RvcmVfYXBpIiwiZXhwIjoxNzc5ODE1NjE1fQ.jlz2KHxYkB1Dd9ucl26zy6E5M7dFB5q9g-Qw0YjsX50",
  "refresh_token": "MQ9QZ1ToR8QocZoDd4ggC8yN",
  "user": {
    "id": "cus_UkLWZg9DAJ",
    "email": "test@example.com",
    "first_name": "Colette",
    "last_name": "Hegmann",
    "phone": null,
    "accepts_email_marketing": false,
    "full_name": "Colette Hegmann",
    "available_store_credit_total": "0",
    "display_available_store_credit_total": "$0.00",
    "addresses": [],
    "default_billing_address": null,
    "default_shipping_address": null
  }
}

Authorizations

x-spree-api-key

string

header

required

Publishable API key for store access

Headers

x-spree-api-key

string

required

Body

application/json

EmailPasswordLogin
ProviderLogin

Built-in email/password authentication (default when provider is omitted).

string<email>

required

Example:

"customer@example.com"

password

string

required

Example:

"password123"

provider

enum<string>

default:email

Available options:

email

Response

token

string

required

JWT access token

refresh_token

string

required

Refresh token for obtaining new access tokens

user

object

required

Show child attributes

Get a store credit

Refresh token

⌘I

Spree SDK

import { createClient } from '@spree/sdk'

const client = createClient({
  baseUrl: 'https://your-store.com',
  publishableKey: '<api-key>',
})

const auth = await client.auth.login({
  email: 'customer@example.com',
  password: 'password123',
})

{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX3R5cGUiOiJjdXN0b21lciIsImp0aSI6IjY0NjcwM2Q0LWY5ZjAtNDlmMi05ZmZkLTA3YTZhY2I5YWZkZiIsImlzcyI6InNwcmVlIiwiYXVkIjoic3RvcmVfYXBpIiwiZXhwIjoxNzc5ODE1NjE1fQ.jlz2KHxYkB1Dd9ucl26zy6E5M7dFB5q9g-Qw0YjsX50",
  "refresh_token": "MQ9QZ1ToR8QocZoDd4ggC8yN",
  "user": {
    "id": "cus_UkLWZg9DAJ",
    "email": "test@example.com",
    "first_name": "Colette",
    "last_name": "Hegmann",
    "phone": null,
    "accepts_email_marketing": false,
    "full_name": "Colette Hegmann",
    "available_store_credit_total": "0",
    "display_available_store_credit_total": "$0.00",
    "addresses": [],
    "default_billing_address": null,
    "default_shipping_address": null
  }
}