Admin Api Keys
Admin Campaigns
Admin Claims
Admin Collections
Admin Currencies
Admin Customer Groups
Admin Customers
Admin Draft Orders
Admin Exchanges
Admin Fulfillment Providers
Admin Fulfillment Sets
Admin Fulfillments
Admin Gift Cards
Admin Inventory Items
Admin Invites
Admin Notifications
Admin Order Edits
Admin Orders
Admin Payment Collections
Admin Payments
Admin Plugins
Admin Price Lists
Admin Price Preferences
Admin Product Categories
Admin Product Tags
Admin Product Types
Admin Product Variants
Admin Products
Admin Promotions
Admin Refund Reasons
Admin Regions
Admin Reservations
Admin Return Reasons
Admin Returns
Admin Sales Channels
Admin Shipping Options
Admin Shipping Profiles
Admin Stock Locations
Admin Store Credit Accounts
Admin Stores
Admin Tax Providers
Admin Tax Rates
Admin Tax Regions
Admin Transaction Groups
Admin Uploads
Admin Users
Admin Workflows Executions
Store Auth
Admin Auth
- POST
  Authenticate User
- POST
  Validate Authentication Callback
- POST
  Retrieve Registration JWT Token
- POST
  Generate Reset Password Token for Admin User
- POST
  Reset an Admin User's Password
Store Carts
Store Collections
Store Currencies
Store Customers
Store Gift Cards
Store Orders
Store Payment Collections
Store Payment Providers
Store Product Categories
Store Product Tags
Store Product Types
Store Products
Store Regions
Store Return Reasons
Store
Store Shipping Options
Store Store Credit Accounts
Admin Algolia
Admin Attributes
Admin Commission
Admin Configuration
Admin Order Sets
Admin Requests
Admin Return Request
Admin Reviews
Admin Sellers
Auth
Store Return Request
Store Reviews
Store Sellers
Store Wishlist
Vendor Attributes
Vendor Campaigns
Vendor Commission
Vendor Configuration
Vendor Customer Groups
Vendor Customers
Vendor Fulfillment Providers
Vendor Fulfillment Sets
Vendor Inventory Items
Vendor Invites
Vendor Current Member
Vendor Members
Vendor Notifications
Vendor Orders
Vendor Payout Account
Vendor Payouts
Vendor Price Lists
Vendor Price Preferences
Vendor Product Categories
Vendor Product Collections
Vendor Product Tags
Vendor Product Types
Vendor Products
Vendor Promotions
Vendor Regions
Vendor Requests
Vendor Reservations
Vendor Return Requests
Vendor Returns
Vendor Sales Channels
Vendor Sellers
Vendor Onboarding
Vendor Reviews
Vendor Shipping Options
Vendor Shipping Profiles
Vendor Statistics
Vendor Stock Locations
Vendor Stores

Admin Auth

Validate Authentication Callback

This API route is used by your dashboard or frontend application when a third-party provider redirects to it after authentication. It validates the authentication with the third-party provider and, if successful, returns an authentication token. All query parameters received from the third-party provider, such as code, state, and error, must be passed as query parameters to this route.

You can decode the JWT token using libraries like react-jwt in the frontend. If the decoded data doesn’t have an actor_id property, then you must create a user, typically using the Accept Invite route passing the token in the request’s Authorization header.

POST

auth

user

{auth_provider}

callback

import Medusa from "@medusajs/js-sdk"

export const sdk = new Medusa({
  baseUrl: import.meta.env.VITE_BACKEND_URL || "/",
  debug: import.meta.env.DEV,
  auth: {
    type: "session",
  },
})

await sdk.auth.callback(
  "user",
  "google",
  {
    code: "123",
    state: "456"
  }
)

// all subsequent requests will use the token in the header
sdk.admin.invite.accept(
  {
    email: "user@gmail.com",
    first_name: "John",
    last_name: "Smith",
    invite_token: "12345..."
  },
)
.then(({ user }) => {
  console.log(user)
})

{
  "token": "<string>"
}

Path Parameters

auth_provider

string

required

The provider used for authentication.

Example:

"google"

Response

200

application/json

The authentication's details.

Authenticate User Retrieve Registration JWT Token

import Medusa from "@medusajs/js-sdk"

export const sdk = new Medusa({
  baseUrl: import.meta.env.VITE_BACKEND_URL || "/",
  debug: import.meta.env.DEV,
  auth: {
    type: "session",
  },
})

await sdk.auth.callback(
  "user",
  "google",
  {
    code: "123",
    state: "456"
  }
)

// all subsequent requests will use the token in the header
sdk.admin.invite.accept(
  {
    email: "user@gmail.com",
    first_name: "John",
    last_name: "Smith",
    invite_token: "12345..."
  },
)
.then(({ user }) => {
  console.log(user)
})

{
  "token": "<string>"
}

API Documentation

Path Parameters

Response