Skip to main content
The SDK supports multiple authentication modes depending on your use case. For a full overview of the API authentication methods, see the Store API Authentication reference.

Publishable Key Only (Guest/Public Access)

Use a publishable API key for public endpoints like browsing products: 
import { createSpreeClient } from '@spree/sdk'

const client = createSpreeClient({
  baseUrl: 'http://localhost:3000',
  publishableKey: 'spree_pk_xxx',
})

// Public endpoints work without user authentication
const products = await client.store.products.list()

Publishable Key + JWT (Authenticated Customer)

For authenticated customer actions like viewing orders or managing addresses: 
// Login to get a JWT token
const { token, user } = await client.store.auth.login({
  email: 'customer@example.com',
  password: 'password123',
})

// Use the token for authenticated requests
const orders = await client.store.orders.list({}, { token })

// Refresh token when needed
const newTokens = await client.store.auth.refresh({ token })

Register New Customer

const { token, user } = await client.store.auth.register({
  email: 'new@example.com',
  password: 'password123',
  password_confirmation: 'password123',
  first_name: 'John',
  last_name: 'Doe',
})

Guest Checkout

For guest checkout, use the token returned when creating a cart. The SDK automatically sends it via the x-spree-order-token header: 
// Create a cart (guest)
const cart = await client.store.cart.create()

// Use orderToken for all cart operations
const options = { orderToken: cart.token }

// Add items
await client.store.orders.lineItems.create(cart.id, {
  variant_id: 'variant_abc123',
  quantity: 1,
}, options)

const options = { orderToken: cart.token }

// Update order with email
await client.store.orders.update(cart.id, {
  email: 'guest@example.com',
}, options)

// Complete checkout
await client.store.orders.complete(cart.id, options)