About the Order status page
The Order status page is where customers can view, manage, and track a specific order. Customers can reach this page from order notifications, or by clicking an order on the Order index page. Since customers frequently check their order status, the Order status page is an essential part of the customer journey, and a great opportunity for building UI extensions that add useful functionality to the customer experience.
Order action menu extensions are shared between the Order index and Order status pages, which enables customers to manage their order from either page.
Anchor to Authentication statesAuthentication states
Extensions can use the Authentication State API to get the authentication state of the Order status page.
The Order status page supports the following authentication states:
Anchor to Unauthenticated stateUnauthenticated state
The unauthenticated Order status page can be accessed by anyone who has a direct link.
When customers directly access the page, only public order data like items in the cart, order status, and order total displays. Sensitive and personally identifiable information is redacted. Because the unauthenticated Order status page is fully public, it doesn't support extensions. This prevents exposing sensitive information or actions.

Anchor to Pre-authenticated statePre-authenticated state
When a customer accesses the Order status page from an order notification, the URL includes a token. This token provides partial authentication, which allows customers to view all data related to that order without logging in.
Customers can access the pre-authenticated Order status page from order notifications for 3 weeks without logging in, when using the same browser session. When using different browser sessions, customers can access the pre-authenticated Order status page for 2 weeks without logging in, across a maximum of 5 different browser sessions. If this limit is exceeded, the customer will see the unauthenticated Order status page instead, and they’ll need to log in to view the order.
In the pre-authenticated state, customers can't access customer data or data from other orders. Because of this, extensions on the pre-authenticated Order status page shouldn't expose any data or actions outside the scope of the order that the customer is viewing.
If you are building an app that directs customers to the pre-authenticated Order status page, then you need to obtain level 2 permission for protected customer data.
Anchor to Fully authenticated stateFully authenticated state
When customers have a valid authentication session, they are considered fully authenticated. This authentication state has no restrictions or limitations for UI extensions.
Anchor to LimitationsLimitations
Anchor to API accessAPI access
Be aware of the following API access restrictions:
-
buyerIdentity.customer.id
is only exposed to extensions when the customer is logged in. This means that in the pre-authenticated state, you can't retrieve the customer's ID. This ensures that the data that is provided to extensions on this page is relevant only to the specific order being viewed. -
Storage access is scoped to the customer.
- For the pre-authenticated Order status page, storage access is scoped to the customer that's associated with the order.
- For the fully authenticated Order status page, storage access is scoped to the authenticated customer.
Anchor to Customer Account APICustomer Account API
The Customer Account API can be accessed in the fully authenticated and pre-authenticated state. In the fully authenticated state, all fields are accessible as long as the app has the required access scope. Fields with the label pre-auth accessible
can be used in the query in the pre-authenticated state. Make sure there is a path from the query root to the field. Querying a field without the pre-auth accessible
label, in the pre-authenticated state, can lead to an “Access denied” error.
Customers must be fully authenticated to complete order actions built with order action menu extensions.
Order action menu extensions on the pre-authenticated Order status page prompt the customer to log in. After logging in, customers are returned to the fully authenticated Order status page, where the order action is automatically resumed.
For example, when an extension intends to open a modal, the modal is opened automatically when the customer returns to the Order status page after logging in.
The following video demonstrates a customer clicking an order action menu extension on the pre-authenticated Order status page:
Order action menu extensions on the fully authenticated Order status page trigger the action immediately, without prompting the customer to log in first.
The following video demonstrates a customer clicking an order action menu extension on the fully authenticated Order status page:
Anchor to Next stepsNext steps
Build an extension for the pre-auth Order status page, which customers can access without logging in.
Build an order action that lets customers manage their order from the Order index and Order status pages.
Build an extension that renders between existing UI on the Order status page.