Customer Accounts MCP server
The Customer accounts MCP server is currently available in early access only as part of Shopify's Next-Gen Dev Platform. To get started:
- Visit the Next-Gen Dev Platform page and submit a request to join the invitation-only early access program.
- Once you have submitted your Next-Gen Dev Platform application, you can request access to the Customer accounts MCP server by completing the early access request form.
Our team will review your requests and follow up with next steps. Early access features are subject to change.
The Customer accounts MCP server provides tools for customer-specific actions, including order management and account details. Use this server when your AI assistant needs to handle authenticated customer requests, such as checking order status, retrieving order details, or managing account preferences.
Anchor to RequirementsRequirements
- Your store must have a custom domain configured.
- Your app must meet Shopify's protected customer data requirements.
- You must have completed the customer accounts MCP integration steps.
Anchor to EndpointEndpoint
Anchor to AuthenticationAuthentication
The Customer accounts MCP server requires authentication via an OAuth 2.0 access token. You'll need to get this token using the authorization code grant flow with PKCE. Set up authentication by following these steps:
-
Update your app's toml file with the required customer authentication configuration and redirect URIs:
[access_scopes]scopes = "customer_read_customers, customer_read_orders..."[mcp.customer_authentication]redirect_uris = ["https://your-app-domain.com/callback"] -
Deploy your application.
-
Request Level 2 protected customer data (PII) access from your Shopify Partner dashboard.
-
Install your app on the development store.
-
Get the customer accounts domain via a Storefront GraphQL request.
-
Implement the OAuth 2.0 authorization code flow with PKCE, using the OAuth discovery endpoint to get access tokens.
-
Authenticate your Customer Accounts MCP requests with the access token.
Anchor to ImplementationImplementation
Integrate the Customer accounts MCP server
with your AI shopping assistant by following these steps.
The authentication flow begins when your app attempts to access customer data without a valid access token. When the Customer accounts MCP server returns a 401 Unauthorized
response, you need to initiate the OAuth flow. Your app should:
-
Get the Customer Accounts domain using a Storefront GraphQL request:
query shop {shop {customerAccountUrl}} -
Create and fetch the OAuth 2.0 discovery endpoint URL from the MCP endpoint:
https://{customAccountUrl}/.well-known/oauth-authorization-server
Build an OAuth 2.0 authorization request using the PKCE authorization code flow:
Anchor to Step 3: Handle the callbackStep 3: Handle the callback
After the user authenticates, handle the callback by:
- Receiving the authorization code at your registered redirect URI.
- Exchanging this code (with the original
code_verifier
) for an access token using thetoken_endpoint
value from the discovery request. - Storing the access token securely for future API requests.
Anchor to Step 4: Retry the original requestStep 4: Retry the original request
Use the access token to retry your original MCP request:
Anchor to Step 5: Deploy your app and restart the serverStep 5: Deploy your app and restart the server
After configuring customer accounts authentication, deploy your app and restart the server to apply the changes:
Anchor to Available toolsAvailable tools
The Customer MCP server provides a set of tools for managing customer accounts and orders. Use the tools/list
command to discover available tools and their capabilities. Each tool is documented with a complete schema that defines its parameters, requirements, and response format.
Anchor to Understanding tool schemasUnderstanding tool schemas
Each tool provides a JSON schema that defines:
- Required and optional parameters
- Data types and formats
- Validation rules and constraints
- Enumerated values where applicable
- Response schema
Tools follow these common patterns:
- IDs follow the format
gid://shopify/<Type>/<id>
- Order numbers may include an optional
#
prefix - Quantities are positive integers
- Dates are in ISO 8601 format
- Monetary amounts include currency codes
You can introspect the tools schema with the tools/list
command.
Anchor to Error handlingError handling
All MCP Customer Accounts API tools use consistent error-handling patterns:
- Validation errors: Return specific, descriptive error messages.
- Processing errors: Return
Unable to process the request, try again
. - Resource not found errors: Return clear messages about the missing resource (such as
Order not found with number: {order_number}
).
Anchor to Limit ratesLimit rates
These tools follow standard API rate limiting policies. Make sure you handle rate limit responses appropriately.