Auth Endpoint Requirements & Recommendations



All steps below assume you have an existing Shopify Multipass configuration completed and in use or soon to be in use. If you do not have Multipass set up, please refer to the setup instructions Shopify provides here.

In order to connect your mobile app to Shopify Multipass, we need a basic set of fields that are standard for authentication endpoints.

The basic structure of the connection has 3 parts:

  • Provide a single authentication endpoint capable of both creating and retrieving a customer's account
  • Upon successful connection, provide Tapcart, and thus your app, a Multipass token
  • If you have a custom forgot password flow that isn't Shopify's, which is common for merchants setting up Multipass with Tapcart, provide a single URL to support the flow for a user resetting their password.

Below is an example of what your Multipass (user data) body may look like. You can pass this to the account creation method to create a user account for your customer or the login method if you require additional fields to validate your user.

In order for Tapcart to authenticate with your Multipass endpoint, please create an API that follows this configuration:


Existing Account Holder

{
  "username_field_name_key_on_merchant": "<USERNAME>",
  "passwordField": "<PASSWORD>"
}


  • username_field_name_key_on_merchant defaults to username
  • passwordField defaults to password
    Otherwise, they are the customized field keys you provided to your account manager.

The expected response provided back to our mobile app is:


Where token is the Multipass token, and userException is a customized message you would like us to present to the user when the credentials are incorrect or your backend declines the request for any other reason.

New Account

For customers creating an account for the first time via your app, we will also collect the user's first and last name in addition to username and password. If the fields your endpoint requests don't map directly to this, we can modify our key names to match your response. Note this with your Tapcart Customer Success Manager and we can support that.

  "email": "[email protected]",
  "created_at": "2013-04-11T15:16:23-04:00",
  // email, created_at and return_to are the only required fields
  "first_name": "Nic",
  "last_name": "Potts",


Below are 200 and 400 responses we would expect.

{
  "token": "null",
  "userException": "Sorry. Account login failed. Please try again"
}

We recommend you provide generic 400 status messages for now, as our app does not currently support dynamic toasts with specifics on why the login attempt failed.
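
The login contract described above, as an added Node.js example that is not Tapcart's or Shopify's own code: it checks credentials, returns the same generic 400 body for every failure, and builds the token with Shopify's Multipass scheme (SHA-256 key derivation, AES-128-CBC, HMAC-SHA256). The secret, the in-memory user store, the function names and the shape of the 200 body are assumptions; the request keys are the defaults username and password.

```javascript
const crypto = require('crypto');

// Constructed sample values: placeholder secret and user store, not real credentials.
const MULTIPASS_SECRET = 'example-multipass-secret';
const GENERIC_ERROR = 'Sorry. Account login failed. Please try again';
const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const USERS = new Map([
  ['nic@example.com', {
    salt: 'constructed-salt',
    hash: hashPw('correct horse', 'constructed-salt'),
    first_name: 'Nic',
    last_name: 'Potts',
  }],
]);

// Shopify Multipass: SHA-256 of the secret yields a 16-byte AES key and a 16-byte HMAC key.
function multipassToken(customer, secret = MULTIPASS_SECRET) {
  const keyMaterial = crypto.createHash('sha256').update(secret).digest();
  const encKey = keyMaterial.subarray(0, 16);
  const sigKey = keyMaterial.subarray(16, 32);
  const iv = crypto.randomBytes(16); // fresh IV for every token
  const cipher = crypto.createCipheriv('aes-128-cbc', encKey, iv);
  const ciphertext = Buffer.concat([iv, cipher.update(JSON.stringify(customer), 'utf8'), cipher.final()]);
  const signature = crypto.createHmac('sha256', sigKey).update(ciphertext).digest();
  // URL-safe base64 of ciphertext followed by signature
  return Buffer.concat([ciphertext, signature]).toString('base64').replace(/\+/g, '-').replace(/\//g, '_');
}

// Hypothetical handler for the "Existing Account Holder" request body.
function login(body) {
  const email = String(body.username || '').toLowerCase();
  const user = USERS.get(email);
  // Hash even for unknown users so response time does not reveal which accounts exist.
  const candidate = hashPw(String(body.password || ''), user ? user.salt : 'dummy-salt');
  const ok = user !== undefined && crypto.timingSafeEqual(candidate, user.hash);
  if (!ok) {
    // Same body for wrong password and unknown user; "null" string mirrors the page's 400 sample.
    return { status: 400, body: { token: 'null', userException: GENERIC_ERROR } };
  }
  const customer = {
    email,
    created_at: new Date().toISOString(),
    first_name: user.first_name,
    last_name: user.last_name,
  };
  return { status: 200, body: { token: multipassToken(customer) } };
}
```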