External APIs (0.0.1)

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude
• Connect to Cursor

  Install MCP server on Cursor
• Connect to VS Code

  Install MCP server on VS Code

Retrieves the custom CSS styling configuration for the customer portal. This endpoint returns all custom CSS rules that have been configured to customize the appearance, layout, and branding of the subscription customer portal.

What is Custom CSS? Custom CSS allows merchants to fully customize the visual appearance of their customer portal beyond the basic theme settings. This enables complete brand alignment and creates a seamless experience that matches the merchant's main store design.

Custom CSS Capabilities:

• Layout Customization:

  • Modify page layouts and spacing
  • Adjust grid and flexbox configurations
  • Control responsive breakpoints
  • Customize navigation and sidebars

• Typography:

  • Custom fonts and font families
  • Font sizes, weights, and line heights
  • Letter spacing and text transforms
  • Heading and paragraph styles

• Colors and Branding:

  • Brand color palette application
  • Custom background colors and gradients
  • Button and link styling
  • Hover and focus states
  • Border colors and shadows

• Component Styling:

  • Subscription card appearances
  • Form input styling
  • Button designs and interactions
  • Modal and dialog boxes
  • Navigation menus
  • Product images and thumbnails

• Advanced Features:

  • CSS animations and transitions
  • Media queries for responsive design
  • Pseudo-elements and pseudo-classes
  • Custom icons using CSS
  • Transform and filter effects

CSS Structure: The returned CSS includes:

• Global styles for portal-wide consistency
• Component-specific styles
• Responsive design rules
• Theme overrides
• Custom animations
• Print styles (optional)

Common CSS Selectors Available:

/* Portal container */
.subscription-portal { }

/* Subscription cards */
.subscription-card { }
.subscription-card-header { }
.subscription-card-body { }

/* Buttons */
.btn-primary { }
.btn-secondary { }
.btn-cancel { }

/* Forms */
.form-control { }
.form-group { }
.form-label { }

/* Navigation */
.portal-nav { }
.nav-item { }

/* Product displays */
.product-item { }
.product-image { }
.product-title { }

Use Cases:

• Apply custom branding to match main store design
• Create unique visual experiences for different customer segments
• Implement seasonal or promotional themes
• Enhance mobile responsiveness
• Add accessibility improvements (high contrast, larger fonts)
• A/B test different portal designs
• Integrate with design systems
• Implement dark mode or theme switching

Important Notes:

• CSS is sanitized for security (XSS prevention)
• Certain properties may be restricted for security reasons
• External resources (fonts, images) must use HTTPS
• CSS is cached for performance - changes may take a few minutes to propagate
• Invalid CSS syntax is automatically filtered out
• Some core portal elements have !important styles that cannot be overridden

Best Practices:

• Use specific selectors to avoid conflicts
• Test across different browsers and devices
• Keep CSS organized with comments
• Use CSS variables for maintainability
• Minify CSS for production performance
• Consider accessibility in color choices (WCAG compliance)
• Provide fallbacks for advanced CSS features

Security Considerations:

• CSS is sanitized to prevent code injection
• External URLs are validated
• JavaScript in CSS is blocked (e.g., expression(), behavior())
• Data URIs are validated for malicious content

Authentication: Requires valid X-API-Key header

Sends an automated email to a customer containing a secure magic link for accessing their subscription management portal. The email is sent using the shop's configured email template and includes a time-limited authentication token.

What This Endpoint Does:

1. Validates customer exists and has subscriptions
2. Generates secure portal access token
3. Retrieves shop's email template configuration
4. Sends personalized email with magic link
5. Logs activity for audit trail

Magic Link Functionality:

What is a Magic Link? A magic link is a special URL containing an encrypted authentication token that allows customers to access their portal without entering a password. Clicking the link automatically logs them in.

Link Contents:

• Shop's portal URL
• Encrypted customer token (2-hour expiration)
• Direct access to subscription management
• No password required

Security:

• Token expires in 2 hours
• Single customer authentication
• Cannot be used by others
• Logged for security audit

Request Parameters:

email (required):

• Customer's email address
• Must exactly match email in Shopify
• Customer must have at least one subscription
• Case-sensitive in some systems

Email Template Configuration:

Template Requirements:

• Email template must be configured in Appstle settings
• Template type: SUBSCRIPTION_MANAGEMENT_LINK
• Template must not be disabled
• Template includes shop branding and customization

Email Content:

• Personalized greeting with customer name
• Clickable magic link button/link
• Expiration notice (link valid 2 hours)
• Shop branding and footer
• Optional custom messaging

Template Variables:

• {customer_name}: Customer's display name
• {magic_link}: Portal URL with token
• {shop_name}: Store name
• {expiration_time}: Token expiry time

Use Cases:

1. Customer Self-Service:

• "Forgot password" alternative
• Quick portal access without account setup
• Passwordless authentication flow
• Reduce friction for customers

2. Subscription Management Prompts:

• "Manage your subscription" emails
• Pre-billing reminders with management link
• Post-purchase subscription setup
• Re-engagement campaigns

3. Customer Support:

• Send portal access to customers
• Enable self-service during support interactions
• Provide instant portal access
• Reduce support workload

4. Automated Workflows:

• Payment failure recovery emails
• Subscription expiration notices
• Pause/skip reminders
• Renewal notifications

5. Marketing Campaigns:

• Subscription feature announcements
• New product availability
• Loyalty program invitations
• Referral program links

Process Flow:

1. API receives email parameter
2. Searches subscription database for customer email
3. If not found → Returns 400 error
4. If found → Retrieves customer subscriptions
5. Sorts subscriptions by status (active first)
6. Checks email template configuration
7. If disabled → Returns 400 error with instructions
8. If enabled → Generates magic link token
9. Prepares email with template
10. Sends email via configured provider
11. Logs activity (source: MERCHANT_EXTERNAL_API)
12. Returns success message

Response Format:

"Email triggered successfully."

Simple string response confirming email queued for delivery.

Important Considerations:

Customer Validation:

• Email MUST exist in subscription database
• Customer MUST have at least one subscription
• Customers without subscriptions cannot receive link
• Returns error if customer not found

Email Template Disabled:

• If template disabled in settings: Returns error
• Error message guides merchant to enable template
• Path: "More -> Email Settings"
• Template must be explicitly enabled

Email Delivery:

• Email sent asynchronously
• Success response doesn't guarantee delivery
• Check email logs for delivery confirmation
• Respects shop's email provider settings

Multiple Subscriptions:

• If customer has multiple subscriptions: Sorts by status
• Active subscriptions shown first
• Link provides access to ALL customer subscriptions
• Portal displays all contracts

Activity Logging:

• All magic link emails logged
• Source: MERCHANT_EXTERNAL_API
• Includes timestamp and customer
• Viewable in activity logs

Integration Examples:

Webhook Trigger - Payment Failed:

async function handlePaymentFailure(webhook) {
  const customerEmail = webhook.customer.email;
  
  // Send magic link to customer
  await fetch(
    `/api/external/v2/subscription-contracts-email-magic-link?email=${customerEmail}`,
    { headers: { 'X-API-Key': process.env.APPSTLE_API_KEY } }
  );
  
  console.log(`Magic link sent to ${customerEmail} for payment update`);
}

Customer Support Button:

async function sendPortalAccess(customerEmail) {
  try {
    const response = await fetch(
      `/api/external/v2/subscription-contracts-email-magic-link?email=${encodeURIComponent(customerEmail)}`,
      { 
        headers: { 'X-API-Key': apiKey },
        method: 'GET'
      }
    );
    
    if (response.ok) {
      alert('Portal access email sent to customer!');
    }
  } catch (error) {
    console.error('Failed to send magic link:', error);
  }
}

Best Practices:

1. Validate Email: Check email format before calling API
2. Rate Limiting: Don't spam customers - limit frequency
3. Error Handling: Handle customer not found gracefully
4. User Feedback: Confirm email sent to user
5. Test Template: Ensure email template configured and working
6. Monitor Logs: Check activity logs for delivery issues

Common Errors:

"Customer Email does not exist":

• Email not found in subscription database
• Customer has no subscriptions
• Email may be misspelled

"Email template not found":

• SUBSCRIPTION_MANAGEMENT_LINK template not configured
• Contact Appstle support to set up template

"Email is currently disabled":

• Template disabled in Email Settings
• Navigate to More -> Email Settings
• Enable "Subscription Management Link" email

Authentication: Requires valid X-API-Key header

Generates a secure, time-limited authentication token that grants access to the customer portal. Supports lookup by either Shopify customer ID or customer email address, making it flexible for various integration patterns.

What This Endpoint Returns: An encrypted JWT-like token that authenticates a customer for the subscription management portal, along with token metadata. Unlike the manage-subscription-link endpoint which returns a complete URL, this returns only the token itself.

Response Components:

token (string):

• Encrypted authentication token
• JWT-style format with cryptographic signature
• Contains customer ID and shop information
• Valid for 2 hours from generation
• Cannot be forged or tampered with

customerId (long):

• Shopify customer ID (numeric)
• Useful for verification
• Same ID used to generate token

Customer Lookup Methods:

Option 1: By Customer ID (Recommended)

GET /api/external/v2/customer-portal-token?customerId=12345

• Direct lookup by numeric Shopify customer ID
• Can use GraphQL GID format (automatically parsed)
• Fastest and most reliable
• No ambiguity

Option 2: By Email Address

GET /api/external/v2/customer-portal-token?email=customer@example.com

• Searches subscription database for matching email
• Finds associated customer ID automatically
• Useful when customer ID unknown
• Fails if email not found or invalid

Parameter Validation:

• Exactly ONE of customerId or email must be provided
• Providing neither: Returns 400 error
• Providing both: customerId takes precedence
• Email must exist in subscription database

Token Security:

Encryption:

• Uses HMAC-SHA256 cryptographic signing
• Secret key stored securely on server
• Token includes tamper detection
• Modification invalidates token

Expiration:

• Tokens expire exactly 2 hours after generation
• Timestamp embedded in token payload
• Verified on each use
• Cannot be extended

Scope:

• Token tied to specific customer
• Token tied to specific shop
• Cannot be used for other customers
• Cannot be used across shops

Use Cases:

1. Custom Portal Implementations:

• Build custom authentication flows
• Integrate portal into existing apps
• Create native mobile app authentication
• Headless commerce integrations

2. API-First Architectures:

• Generate tokens programmatically
• Pass tokens to frontend applications
• Build microservice authentication
• Separate auth from presentation

3. Single Sign-On (SSO):

• Authenticate users from existing system
• Bypass password entry
• Seamless portal access
• Cross-platform authentication

4. Email/SMS Campaigns:

• Generate tokens for magic links
• Embed in notification emails
• Include in SMS messages
• Create passwordless login links

5. Customer Support Tools:

• Generate portal access for support agents
• View customer's portal perspective
• Troubleshoot portal issues
• Assist customers remotely

Response Format:

{
  "customerId": 12345,
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJjdXN0b21lcklkIjoxMjM0NSwic2hvcCI6Im15c3RvcmUubXlzaG9waWZ5LmNvbSIsInRpbWVzdGFtcCI6MTcwOTU2MjAwMH0.abc123xyz789"
}

Using the Token:

Append to Portal URL:

const { token } = await getCustomerPortalToken(customerId);
const portalUrl = `https://mystore.com/tools/recurring/customer_portal?token=${token}`;
window.location.href = portalUrl;

Store in Session:

// Store for authenticated API calls
sessionStorage.setItem('portalToken', response.token);
sessionStorage.setItem('customerId', response.customerId);

// Use in subsequent requests
fetch('/api/subscription-data', {
  headers: { 'Authorization': `Bearer ${sessionStorage.getItem('portalToken')}` }
});

Mobile App Authentication:

// Generate token server-side
const tokenData = await generateToken(email);

// Send to mobile app
return {
  authToken: tokenData.token,
  customerId: tokenData.customerId,
  expiresIn: 7200 // 2 hours in seconds
};

Important Considerations:

Token vs. Full URL:

• This endpoint: Returns token only
• /manage-subscription-link endpoint: Returns complete URL
• Use this for custom implementations
• Use manage-subscription-link for simple email links

Email Lookup Limitations:

• Email must exist in subscription database
• Searches only customers with subscriptions
• Won't find customers without subscriptions
• Case-sensitive in some databases

Customer ID Formats:

• Accepts numeric ID: 12345
• Accepts GraphQL GID: gid://shopify/Customer/12345
• Automatically extracts numeric portion
• Always stores numeric format

Best Practices:

1. Generate On-Demand: Create tokens when needed, not in advance
2. Don't Store Long-Term: Tokens expire in 2 hours
3. Use HTTPS: Always transmit tokens over secure connections
4. Validate Expiry: Check token age on frontend
5. Prefer Customer ID: Use customerId lookup when available
6. Handle Errors: Gracefully handle missing customers

Security Notes:

• Treat tokens like passwords
• Don't log tokens in plain text
• Don't expose in URLs if possible (use POST bodies)
• Rotate tokens frequently
• Monitor for suspicious token generation patterns

Comparison with Other Endpoints:

vs. /manage-subscription-link:

• This: Token only
• That: Complete URL
• Use this for APIs, that for emails

vs. /subscription-contracts-email-magic-link:

• This: Returns token
• That: Sends email
• Use this for programmatic access, that for customer notifications

Authentication: Requires valid X-API-Key header