Shopify Multipass With .net

- 1 answer

I am trying to implement Shopify Multipass in my "Development" store. I've enabled Multiplass and set "Accounts are required" in Checkout settings.

Created a new customer via API and getting this result when querying for this customer:

  "accepts_marketing": false,
  "addresses": [],
  "created_at": "2019-02-14T14:17:17-05:00",
  "currency": "USD",
  "default_address": null,
  "email": "[email protected]",
  "first_name": "M1",
  "multipass_identifier": null,
  "last_name": "M1",
  "last_order_id": null,
  "last_order_name": null,
  "note": null,
  "orders_count": 0,
  "phone": null,
  "state": "disabled",
  "tags": "",
  "tax_exempt": false,
  "total_spent": 0,
  "updated_at": "2019-02-14T14:17:17-05:00",
  "verified_email": true,
  "metafields": null,
  "id": 892572631087

I run my process generating the token (using .net nuget)

with this input:

  string json = "{\"created_at\":\"2019-02-14T14:17:17-05:00\",\"email\":\"[email protected]\"}";
        var url = pass.Process(json);

        return Redirect(url);

this is the generated output:

After the redirect I get "Invalid Multipass request"

  • What am I doing wrong?
  • Just to confirm, multipass_identifier is NULL when creating the user (should it be null?)
  • What I am trying to achieve is to user/password protect shopify store so that only users that are logged in (through my external app) be allowed to enter the shopify store/view and purchase products. Is Multipass for this purpose?

Any help would be appreciated.




Multipass login is for store owners who have a separate website and a Shopify store. It redirects users from the website to the Shopify store and seamlessly logs them in with the same email address they used to sign up for the original website.

So whenever you redirect a user with valid multipass URL, the user will be logged in and if the user does not exist than it is created first and then logged in.


At Shopify, we use email addresses as unirong>multipass_identifier

At Shopify, we use email addresses as unique identifiers for customers of a shop. If your site uses other identifiers (such as usernames), or if it is possible that two different users of your site registered with the same email address, you must set the unique identifier in the "identifier" field to avoid security problems. If the email address is always unique, you don't need to set the "identifier" field.

So on normal account creation, multipass_idenifier will be null and will only be populated if a user is created via multipass request and identifier field was specified.

created_at param is current timestamp (in ISO8601 encoding).

For the usecase you have mentioned above, I don't think it will work if you use the Shopify password protected store feature. I tested and it redirects you to password page and same token cannot be used again.