Skip to main content
A mobile app uses exactly the same Storefront API as a web frontend. The only difference is that it doesn’t run on the store’s domain, so identify the store with the publishable key on every request.

Client setup

Customer login & tokens

Login (POST /auth/login) returns an access_token (~30 min) and a refresh_token. Store the refresh token securely (Keychain / Keystore) and renew the access token with POST /auth/refresh. Send the access token as Authorization: Bearer on account-area calls.

Push notifications

Register the customer’s device token for transactional notifications (order shipped, etc.) through the Storefront API’s device-push endpoints — see the API Reference.
Images and payments work the same as on the web: image URLs must be prefixed with the origin, and the payment flow returned by POST /checkout must be completed with the gateway’s native SDK (Stripe/PayPal/…) when required.