Client setup
Customer login & tokens
Login (POST /auth/login) returns an access_token (~30 min) and a refresh_token.
Store the refresh token securely (Keychain / Keystore) and renew the access token with
POST /auth/refresh. Send the access token as Authorization: Bearer on account-area
calls.
Push notifications
Register the customer’s device token for transactional notifications (order shipped, etc.) through the Storefront API’s device-push endpoints — see the API Reference.Images and payments work the same as on the web: image URLs must be prefixed with the
origin, and the payment flow returned by
POST /checkout must be completed with the
gateway’s native SDK (Stripe/PayPal/…) when required.