Validate Password | BigCommerce Developer Center

This endpoint has special rate limiting protections to protect against abuse.

Provided a password, will return a true/false response indicating if the provided password matches the customer’s current password. This endpoint is useful if you want to power the login of another system using BigCommerce’s stored customer accounts, or as a safe way to migrate passwords to another system (by checking them against BigCommerce’s password, and if correct, storing it in another system securely.) If the password matches what’s stored against the customer account, the response will be:

showLineNumbers copy

1 {
2     "success": "true"
3 }

If the password does NOT match, the response will instead be:

showLineNumbers copy

1 {
2     "success": "false"
3 }

**This endpoint has special rate limiting protections to protect against abuse.** Provided a password, will return a true/false response indicating if the provided password matches the customer’s current password. This endpoint is useful if you want to power the login of another system using BigCommerce’s stored customer accounts, or as a safe way to migrate passwords to another system (by checking them against BigCommerce’s password, and if correct, storing it in another system securely.) If the password matches what’s stored against the customer account, the response will be: ```js showLineNumbers copy { "success": "true" } ``` If the password does NOT match, the response will instead be: ```js showLineNumbers copy { "success": "false" } ```

Authentication

X-Auth-Tokenstring

OAuth scopes

UI Name	Permission	Parameter
Customers	modify	`store_v2_customers`
Customers	read-only	`store_v2_customers_read_only`

Authentication header

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

### OAuth scopes | UI Name | Permission | Parameter | |:--------|:-----------|:----------| | Customers | modify | `store_v2_customers` | | Customers | read-only | `store_v2_customers_read_only` | ### Authentication header | Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-accounts#api-accounts). | ### Further reading For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-accounts#x-auth-token-header-example-requests). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-accounts#oauth-scopes). For a list of API status codes, see [API Status Codes](/developer/api-reference/rest/overview#rest-http-status-codes).

Path parameters

customer_idstringRequired

Request

This endpoint expects an object.

passwordstringOptional

String to run against customer password. Will return a true or false.

Response

successboolean

Will return true or false.

1	curl -X POST https://api.bigcommerce.com/stores/store_hash/v2/customers/customer_id/validate \
2	-H "X-Auth-Token: <apiKey>" \
3	-H "Content-Type: application/json" \
4	-d '{}'