From saleor-commerce
Manages Saleor customers and staff including accounts, registration, addresses, permissions, and authentication via GraphQL mutations. Use for user management in Saleor apps.
Install: npx claudepluginhub orcaqubits/agentic-commerce-skills-plugins --plugin saleor-commerce

Slash command: /saleor-commerce:saleor-customers
Fetch live docs:
- site:docs.saleor.io customers accounts registration for customer account model and registration flow
- site:docs.saleor.io staff users permissions groups for staff management and permission system
- site:docs.saleor.io authentication JWT tokens for authentication flow and token handling
- https://docs.saleor.io/docs/developer/users and review User model, addresses, and account operations
- site:docs.saleor.io permission groups MANAGE_PRODUCTS MANAGE_ORDERS for the full list of available permissions

Saleor uses a single User entity for both customers and staff. The isStaff flag distinguishes between them.

| Field | Description |
|---|---|
| id | Unique user identifier |
| email | Email address (unique, used for login) |
| firstName | Customer first name |
| lastName | Customer last name |
| isActive | Whether the account is enabled |
| isStaff | Whether the user has dashboard access |
| dateJoined | Account creation timestamp |
| lastLogin | Most recent login timestamp |
| metadata | Public key-value metadata |
| privateMetadata | Staff-only key-value metadata |
| languageCode | Preferred language |
| defaultShippingAddress | Default shipping address |
| defaultBillingAddress | Default billing address |

| Step | Mutation | Description |
|---|---|---|
| 1. Register | accountRegister | Create account with email and password |
| 2. Confirm email | confirmAccount | Verify email with token from confirmation email |
| 3. Active account | -- | Account is active after confirmation |

| Field | Required | Description |
|---|---|---|
| email | Yes | Customer email address |
| password | Yes | Account password |
| firstName | No | First name |
| lastName | No | Last name |
| redirectUrl | Yes | URL for email confirmation link |
| channel | Yes | Channel slug for channel-specific registration |
| languageCode | No | Preferred language for communications |
| metadata | No | Initial metadata key-value pairs |

| Step | Mutation | Description |
|---|---|---|
| 1. Obtain tokens | tokenCreate | Provide email + password; returns JWT access and refresh tokens |
| 2. Use access token | -- | Include in Authorization: Bearer <token> header |
| 3. Refresh token | tokenRefresh | Exchange refresh token for new access token |
| 4. Verify token | tokenVerify | Check if a token is still valid |

| Token Type | Lifetime | Purpose |
|---|---|---|
| Access token | Short-lived (configurable, default ~5 min) | Authenticate API requests |
| Refresh token | Long-lived (configurable) | Obtain new access tokens |
| CSRF token | Per-session | Protect against cross-site request forgery |

| Operation | Mutation | Notes |
|---|---|---|
| Login | tokenCreate | Returns token, refreshToken, csrfToken |
| Refresh | tokenRefresh | Requires refreshToken; returns new token |
| Verify | tokenVerify | Returns isValid and decoded payload |
| Deactivate all | tokensDeactivateAll | Invalidate all tokens for the user |

Fetch live docs for token expiration configuration and any changes to the JWT authentication model.
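
The token flow in the tables above, as an added example that is not part of the original skill page or of Saleor's code: a client-side session that logs in with tokenCreate, sends the access token as a Bearer header, and calls tokenRefresh shortly before the JWT's exp claim. SaleorSession, the transport callable, make_jwt and fake_transport are hypothetical names, the errors selection set is an assumption about the schema, and the sample tokens and error code are constructed.

```python
import base64, json, time

# Mutation names and returned fields come from the tables above; "errors { code }" is assumed.
TOKEN_CREATE = ("mutation($email: String!, $password: String!) { tokenCreate(email: $email, "
                "password: $password) { token refreshToken csrfToken errors { code } } }")
TOKEN_REFRESH = ("mutation($refreshToken: String!) { tokenRefresh(refreshToken: $refreshToken) "
                 "{ token errors { code } } }")

def jwt_exp(token):
    """Read the exp claim for refresh scheduling only; the signature is NOT verified here."""
    body = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))["exp"]

class SaleorSession:
    """Hypothetical token holder; transport(query, variables) returns the GraphQL data dict."""
    def __init__(self, transport, skew=30, clock=time.time):
        self.transport, self.skew, self.clock = transport, skew, clock
        self.token = self.refresh_token = None
    def _unwrap(self, result):
        if result["errors"]:
            self.token = self.refresh_token = None  # fail closed: drop stale credentials
            raise PermissionError(result["errors"][0]["code"])
        return result
    def login(self, email, password):
        r = self._unwrap(self.transport(TOKEN_CREATE, {"email": email, "password": password})["tokenCreate"])
        self.token, self.refresh_token = r["token"], r["refreshToken"]
    def auth_headers(self):
        """Return the Authorization header, refreshing shortly before the access token expires."""
        if self.token is None:
            raise PermissionError("not logged in")
        if self.clock() >= jwt_exp(self.token) - self.skew:
            r = self._unwrap(self.transport(TOKEN_REFRESH, {"refreshToken": self.refresh_token})["tokenRefresh"])
            self.token = r["token"]
        return {"Authorization": f"Bearer {self.token}"}

def make_jwt(exp):
    """Constructed, unsigned sample token for the offline demo."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{seg({'alg': 'none'})}.{seg({'exp': exp})}.sig"

def fake_transport(clock):
    """Constructed stand-in for the HTTP POST to the GraphQL endpoint; records mutations called."""
    calls = []
    def send(query, variables):
        name = "tokenRefresh" if "tokenRefresh" in query else "tokenCreate"
        calls.append(name)
        bad = name == "tokenRefresh" and variables["refreshToken"] != "sample-refresh"
        return {name: {"token": None if bad else make_jwt(clock() + 300), "refreshToken": "sample-refresh",
                       "csrfToken": "sample-csrf", "errors": [{"code": "SAMPLE_INVALID"}] if bad else []}}
    return send, calls
```

The refresh token only ever travels in the tokenRefresh variables, never in the Authorization header, and a failed refresh clears both tokens so the caller has to log in again.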

Each customer can store multiple addresses with defaults for shipping and billing:

| Field | Description |
|---|---|
| firstName | Address first name |
| lastName | Address last name |
| companyName | Optional company name |
| streetAddress1 | Primary street address |
| streetAddress2 | Additional address line |
| city | City name |
| postalCode | Postal or ZIP code |
| country | ISO 3166-1 alpha-2 country code |
| countryArea | State or province |
| phone | Phone number |
| isDefaultShippingAddress | Default for shipping |
| isDefaultBillingAddress | Default for billing |

| Operation | Mutation | Notes |
|---|---|---|
| Create address | accountAddressCreate | Customer self-service |
| Update address | accountAddressUpdate | Customer self-service |
| Delete address | accountAddressDelete | Customer self-service |
| Set default | accountSetDefaultAddress | Set shipping or billing default |
| Admin create | addressCreate | Staff creating address for a customer |
| Admin update | addressUpdate | Staff updating customer address |
| Admin delete | addressDelete | Staff deleting customer address |

| Aspect | Customer | Staff |
|---|---|---|
| isStaff | false | true |
| Dashboard access | No | Yes |
| API scope | Storefront queries, own account | Admin queries, assigned permissions |
| Creation | accountRegister or customerCreate | staffCreate |
| Permissions | None (implicit storefront access) | Assigned via permission groups |

| Operation | Mutation | Notes |
|---|---|---|
| Create staff | staffCreate | Set email, permissions, groups |
| Update staff | staffUpdate | Modify details and permissions |
| Delete staff | staffDelete | Remove staff user |

Permission groups bundle permissions and assign them to staff users:

| Operation | Mutation |
|---|---|
| Create group | permissionGroupCreate |
| Update group | permissionGroupUpdate |
| Delete group | permissionGroupDelete |

| Permission | Grants Access To |
|---|---|
| MANAGE_PRODUCTS | Products, categories, collections, product types |
| MANAGE_ORDERS | Orders, fulfillments, draft orders |
| MANAGE_USERS | Customer accounts and staff users |
| MANAGE_STAFF | Staff accounts and permission groups |
| MANAGE_DISCOUNTS | Vouchers and promotions |
| MANAGE_SHIPPING | Shipping zones and methods |
| MANAGE_CHANNELS | Channel configuration |
| MANAGE_CHECKOUTS | Checkout operations |
| MANAGE_APPS | App installation and configuration |
| MANAGE_SETTINGS | Site-wide settings |
| MANAGE_TRANSLATIONS | Content translations |
| HANDLE_PAYMENTS | Payment processing and transactions |
| MANAGE_GIFT_CARD | Gift card creation and management |
| MANAGE_PAGE_TYPES_AND_ATTRIBUTES | Page types and attributes |

Fetch live docs for the complete PermissionEnum -- additional permissions may exist for plugins and newer features.

| Operation | Mutation | Actor |
|---|---|---|
| Request password reset | requestPasswordReset | Customer |
| Set new password | setPassword | Customer (with token) |
| Change password | passwordChange | Customer (authenticated) |
| Request email change | requestEmailChange | Customer |
| Confirm email change | confirmEmailChange | Customer (with token) |
| Update account | accountUpdate | Customer (own profile) |
| Delete account | accountDelete | Customer (with token) |
| Admin create customer | customerCreate | Staff |
| Admin update customer | customerUpdate | Staff |
| Admin delete customer | customerDelete | Staff |
| Admin bulk delete | customerBulkDelete | Staff |

- accountRegister for self-service registration and customerCreate for staff-created accounts
- redirectUrl for email confirmation and password reset to point to your storefront
- metadata (public) or privateMetadata (staff-only)
- channel parameter in registration to send channel-specific confirmation emails
- tokensDeactivateAll for security-sensitive operations like password changes
- accountAddressCreate for customer-facing flows and addressCreate for admin flows

Fetch the Saleor authentication and user management documentation for exact mutation inputs, permission enums, and token handling patterns before implementing.