Comprehensive API documentation for managing subscriptions, payments, and related operations. These APIs allow you to programmatically manage subscription lifecycles, handle payments, configure products, and integrate subscription functionality into your applications.
External APIs
/- Generate customer portal authentication token
Regenerate subscription widget scripts
Get custom CSS for customer portal
Send magic link email to customer for portal access
Get customer portal settings
Generate customer portal...
External APIs (0.0.1)
Download OpenAPI description
Languages
Servers
https://subscription-admin.appstle.com
Request
Sends an automated email to a customer containing a secure magic link for accessing their subscription management portal. The email is sent using the shop's configured email template and includes a time-limited authentication token.
What This Endpoint Does:
- Validates customer exists and has subscriptions
- Generates secure portal access token
- Retrieves shop's email template configuration
- Sends personalized email with magic link
- Logs activity for audit trail
Magic Link Functionality:
What is a Magic Link? A magic link is a special URL containing an encrypted authentication token that allows customers to access their portal without entering a password. Clicking the link automatically logs them in.
Link Contents:
- Shop's portal URL
- Encrypted customer token (2-hour expiration)
- Direct access to subscription management
- No password required
Security:
- Token expires in 2 hours
- Single customer authentication
- Cannot be used by others
- Logged for security audit
Request Parameters:
email (required):
- Customer's email address
- Must exactly match email in Shopify
- Customer must have at least one subscription
- Case-sensitive in some systems
Email Template Configuration:
Template Requirements:
- Email template must be configured in Appstle settings
- Template type: SUBSCRIPTION_MANAGEMENT_LINK
- Template must not be disabled
- Template includes shop branding and customization
Email Content:
- Personalized greeting with customer name
- Clickable magic link button/link
- Expiration notice (link valid 2 hours)
- Shop branding and footer
- Optional custom messaging
Template Variables:
{customer_name}: Customer's display name{magic_link}: Portal URL with token{shop_name}: Store name{expiration_time}: Token expiry time
Use Cases:
1. Customer Self-Service:
- "Forgot password" alternative
- Quick portal access without account setup
- Passwordless authentication flow
- Reduce friction for customers
2. Subscription Management Prompts:
- "Manage your subscription" emails
- Pre-billing reminders with management link
- Post-purchase subscription setup
- Re-engagement campaigns
3. Customer Support:
- Send portal access to customers
- Enable self-service during support interactions
- Provide instant portal access
- Reduce support workload
4. Automated Workflows:
- Payment failure recovery emails
- Subscription expiration notices
- Pause/skip reminders
- Renewal notifications
5. Marketing Campaigns:
- Subscription feature announcements
- New product availability
- Loyalty program invitations
- Referral program links
Process Flow:
1. API receives email parameter
2. Searches subscription database for customer email
3. If not found → Returns 400 error
4. If found → Retrieves customer subscriptions
5. Sorts subscriptions by status (active first)
6. Checks email template configuration
7. If disabled → Returns 400 error with instructions
8. If enabled → Generates magic link token
9. Prepares email with template
10. Sends email via configured provider
11. Logs activity (source: MERCHANT_EXTERNAL_API)
12. Returns success messageResponse Format:
"Email triggered successfully."Simple string response confirming email queued for delivery.
Important Considerations:
Customer Validation:
- Email MUST exist in subscription database
- Customer MUST have at least one subscription
- Customers without subscriptions cannot receive link
- Returns error if customer not found
Email Template Disabled:
- If template disabled in settings: Returns error
- Error message guides merchant to enable template
- Path: "More -> Email Settings"
- Template must be explicitly enabled
Email Delivery:
- Email sent asynchronously
- Success response doesn't guarantee delivery
- Check email logs for delivery confirmation
- Respects shop's email provider settings
Multiple Subscriptions:
- If customer has multiple subscriptions: Sorts by status
- Active subscriptions shown first
- Link provides access to ALL customer subscriptions
- Portal displays all contracts
Activity Logging:
- All magic link emails logged
- Source: MERCHANT_EXTERNAL_API
- Includes timestamp and customer
- Viewable in activity logs
Integration Examples:
Webhook Trigger - Payment Failed:
async function handlePaymentFailure(webhook) {
const customerEmail = webhook.customer.email;
// Send magic link to customer
await fetch(
`/api/external/v2/subscription-contracts-email-magic-link?email=${customerEmail}`,
{ headers: { 'X-API-Key': process.env.APPSTLE_API_KEY } }
);
console.log(`Magic link sent to ${customerEmail} for payment update`);
}Customer Support Button:
async function sendPortalAccess(customerEmail) {
try {
const response = await fetch(
`/api/external/v2/subscription-contracts-email-magic-link?email=${encodeURIComponent(customerEmail)}`,
{
headers: { 'X-API-Key': apiKey },
method: 'GET'
}
);
if (response.ok) {
alert('Portal access email sent to customer!');
}
} catch (error) {
console.error('Failed to send magic link:', error);
}
}Best Practices:
- Validate Email: Check email format before calling API
- Rate Limiting: Don't spam customers - limit frequency
- Error Handling: Handle customer not found gracefully
- User Feedback: Confirm email sent to user
- Test Template: Ensure email template configured and working
- Monitor Logs: Check activity logs for delivery issues
Common Errors:
"Customer Email does not exist":
- Email not found in subscription database
- Customer has no subscriptions
- Email may be misspelled
"Email template not found":
- SUBSCRIPTION_MANAGEMENT_LINK template not configured
- Contact Appstle support to set up template
"Email is currently disabled":
- Template disabled in Email Settings
- Navigate to More -> Email Settings
- Enable "Subscription Management Link" email
Authentication: Requires valid X-API-Key header
- https://subscription-admin.appstle.com/api/external/v2/subscription-contracts-email-magic-link
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://subscription-admin.appstle.com/api/external/v2/subscription-contracts-email-magic-link?api_key=string&email=string' \
-H 'X-API-Key: string'Response
application/json
"Email triggered successfully."
Request
Generates a secure, time-limited authentication token that grants access to the customer portal. Supports lookup by either Shopify customer ID or customer email address, making it flexible for various integration patterns.
What This Endpoint Returns: An encrypted JWT-like token that authenticates a customer for the subscription management portal, along with token metadata. Unlike the manage-subscription-link endpoint which returns a complete URL, this returns only the token itself.
Response Components:
token (string):
- Encrypted authentication token
- JWT-style format with cryptographic signature
- Contains customer ID and shop information
- Valid for 2 hours from generation
- Cannot be forged or tampered with
customerId (long):
- Shopify customer ID (numeric)
- Useful for verification
- Same ID used to generate token
Customer Lookup Methods:
Option 1: By Customer ID (Recommended)
GET /api/external/v2/customer-portal-token?customerId=12345- Direct lookup by numeric Shopify customer ID
- Can use GraphQL GID format (automatically parsed)
- Fastest and most reliable
- No ambiguity
Option 2: By Email Address
GET /api/external/v2/customer-portal-token?email=customer@example.com- Searches subscription database for matching email
- Finds associated customer ID automatically
- Useful when customer ID unknown
- Fails if email not found or invalid
Parameter Validation:
- Exactly ONE of
customerIdoremailmust be provided - Providing neither: Returns 400 error
- Providing both: customerId takes precedence
- Email must exist in subscription database
Token Security:
Encryption:
- Uses HMAC-SHA256 cryptographic signing
- Secret key stored securely on server
- Token includes tamper detection
- Modification invalidates token
Expiration:
- Tokens expire exactly 2 hours after generation
- Timestamp embedded in token payload
- Verified on each use
- Cannot be extended
Scope:
- Token tied to specific customer
- Token tied to specific shop
- Cannot be used for other customers
- Cannot be used across shops
Use Cases:
1. Custom Portal Implementations:
- Build custom authentication flows
- Integrate portal into existing apps
- Create native mobile app authentication
- Headless commerce integrations
2. API-First Architectures:
- Generate tokens programmatically
- Pass tokens to frontend applications
- Build microservice authentication
- Separate auth from presentation
3. Single Sign-On (SSO):
- Authenticate users from existing system
- Bypass password entry
- Seamless portal access
- Cross-platform authentication
4. Email/SMS Campaigns:
- Generate tokens for magic links
- Embed in notification emails
- Include in SMS messages
- Create passwordless login links
5. Customer Support Tools:
- Generate portal access for support agents
- View customer's portal perspective
- Troubleshoot portal issues
- Assist customers remotely
Response Format:
{
"customerId": 12345,
"token": "eyJhbGciOiJIUzI1NiJ9.eyJjdXN0b21lcklkIjoxMjM0NSwic2hvcCI6Im15c3RvcmUubXlzaG9waWZ5LmNvbSIsInRpbWVzdGFtcCI6MTcwOTU2MjAwMH0.abc123xyz789"
}Using the Token:
Append to Portal URL:
const { token } = await getCustomerPortalToken(customerId);
const portalUrl = `https://mystore.com/tools/recurring/customer_portal?token=${token}`;
window.location.href = portalUrl;Store in Session:
// Store for authenticated API calls
sessionStorage.setItem('portalToken', response.token);
sessionStorage.setItem('customerId', response.customerId);
// Use in subsequent requests
fetch('/api/subscription-data', {
headers: { 'Authorization': `Bearer ${sessionStorage.getItem('portalToken')}` }
});Mobile App Authentication:
// Generate token server-side
const tokenData = await generateToken(email);
// Send to mobile app
return {
authToken: tokenData.token,
customerId: tokenData.customerId,
expiresIn: 7200 // 2 hours in seconds
};Important Considerations:
Token vs. Full URL:
- This endpoint: Returns token only
/manage-subscription-linkendpoint: Returns complete URL- Use this for custom implementations
- Use manage-subscription-link for simple email links
Email Lookup Limitations:
- Email must exist in subscription database
- Searches only customers with subscriptions
- Won't find customers without subscriptions
- Case-sensitive in some databases
Customer ID Formats:
- Accepts numeric ID:
12345 - Accepts GraphQL GID:
gid://shopify/Customer/12345 - Automatically extracts numeric portion
- Always stores numeric format
Best Practices:
- Generate On-Demand: Create tokens when needed, not in advance
- Don't Store Long-Term: Tokens expire in 2 hours
- Use HTTPS: Always transmit tokens over secure connections
- Validate Expiry: Check token age on frontend
- Prefer Customer ID: Use customerId lookup when available
- Handle Errors: Gracefully handle missing customers
Security Notes:
- Treat tokens like passwords
- Don't log tokens in plain text
- Don't expose in URLs if possible (use POST bodies)
- Rotate tokens frequently
- Monitor for suspicious token generation patterns
Comparison with Other Endpoints:
vs. /manage-subscription-link:
- This: Token only
- That: Complete URL
- Use this for APIs, that for emails
vs. /subscription-contracts-email-magic-link:
- This: Returns token
- That: Sends email
- Use this for programmatic access, that for customer notifications
Authentication: Requires valid X-API-Key header
- https://subscription-admin.appstle.com/api/external/v2/customer-portal-token
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://subscription-admin.appstle.com/api/external/v2/customer-portal-token?api_key=string&customerId=string&email=string' \
-H 'X-API-Key: string'Response
application/json
{ "customerId": 12345, "token": "eyJhbGciOiJIUzI1NiJ9.eyJjdXN0b21lcklkIjoxMjM0NSwic2hvcCI6Im15c3RvcmUubXlzaG9waWZ5LmNvbSIsInRpbWVzdGFtcCI6MTcwOTU2MjAwMH0.abc123xyz789" }
Request
Retrieves the customer portal configuration and settings for the authenticated shop. The customer portal is the self-service interface where subscribers can manage their subscriptions, update payment methods, modify delivery addresses, and more.
What is the Customer Portal? The customer portal is a dedicated web interface that allows your subscribers to manage their subscription accounts independently. This reduces support burden and improves customer experience by enabling self-service subscription management.
Settings Returned:
Display Configuration:
- Portal theme and branding settings
- Custom colors and logo
- Layout preferences
- Custom CSS selectors
Feature Toggles:
- Enable/disable subscription pausing
- Enable/disable order skipping
- Enable/disable product swapping
- Enable/disable frequency changes
- Enable/disable quantity modifications
- Enable/disable address editing
- Enable/disable payment method updates
- Enable/disable subscription cancellation
Subscription Management Options:
- Maximum pause duration allowed
- Minimum subscription duration requirements
- Skip limits per billing cycle
- Product swap availability
- One-time product add-ons
Communication Settings:
- Email notification preferences
- Custom portal messaging
- Support contact information
- Help text and instructions
Access Control:
- Portal authentication method
- Password requirements
- Magic link settings
- Session duration
Advanced Options:
- Custom domain configuration
- Redirect URLs
- Webhook endpoints
- Analytics tracking settings
Use Cases:
- Display customer portal with correct branding and theme
- Determine which features are available to subscribers
- Build custom portal interfaces using your settings
- Sync portal configuration across systems
- Validate subscription management capabilities
- Configure third-party integrations
Important Notes:
- Settings are shop-specific and unique per merchant
- Some features may be restricted based on subscription plan
- Changes to settings are reflected immediately in the portal
- Custom CSS must be valid and secure
- Portal URL is typically: shop-domain.com/apps/subscriptions
Common Configuration Scenarios:
1. Standard Self-Service Portal:
- Allow pausing (up to 3 months)
- Allow skipping (max 2 consecutive orders)
- Allow frequency changes
- Allow quantity updates
- Allow address editing
- Enable payment method updates
- Enable cancellation with feedback
2. Locked-Down Portal (Minimal Self-Service):
- Disable pausing
- Disable skipping
- Disable cancellation (require support contact)
- Allow address editing only
- Allow payment method updates only
3. Full-Service Portal (Maximum Flexibility):
- Enable all subscription management features
- Allow unlimited pauses and skips
- Enable product swapping
- Enable one-time add-ons
- Allow subscription splitting/merging
- Custom branding and domain
Authentication: Requires valid X-API-Key header
- https://subscription-admin.appstle.com/api/external/v2/customer-portal-settings/{id}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://subscription-admin.appstle.com/api/external/v2/customer-portal-settings/{id}?api_key=string' \
-H 'X-API-Key: string'Response
application/json
{ "id": 12345, "shop": "example-shop.myshopify.com", "portalEnabled": true, "customDomain": "subscriptions.example.com", "allowPause": true, "maxPauseDuration": 90, "allowSkip": true, "maxConsecutiveSkips": 2, "allowFrequencyChange": true, "allowQuantityChange": true, "allowProductSwap": true, "allowAddressEdit": true, "allowPaymentMethodUpdate": true, "allowCancellation": true, "requireCancellationReason": true, "enableOneTimeProducts": true, "minimumSubscriptionCycles": 3, "theme": { "primaryColor": "#4A90E2", "secondaryColor": "#50E3C2", "accentColor": "#F5A623", "fontFamily": "'Helvetica Neue', Arial, sans-serif", "logoUrl": "https://cdn.shopify.com/s/files/1/0000/0000/files/logo.png", "customCss": ".subscription-card { border-radius: 8px; }" }, "authentication": { "method": "MAGIC_LINK", "sessionDuration": 3600, "requireEmailVerification": true }, "notifications": { "sendSkipConfirmation": true, "sendPauseConfirmation": true, "sendFrequencyChangeConfirmation": true, "sendCancellationConfirmation": true }, "supportContact": { "email": "support@example.com", "phone": "+1-800-123-4567", "chatEnabled": true }, "createdAt": "2024-01-15T10:30:00Z", "updatedAt": "2024-02-20T14:45:00Z" }