
Shopify Multipass is a single sign-on (SSO) mechanism for Shopify Plus stores. It lets you authenticate customers on an external system (your website, app, or portal) and seamlessly log them into your Shopify store without requiring a second login.
The flow works like this: A customer logs into your external system. Your server generates an encrypted Multipass token containing the customer's email. You redirect the customer to `https://yourstore.myshopify.com/account/login/multipass/
You need Multipass when you have a separate website or web app with its own authentication, and you want customers to transition to your Shopify store without logging in again. Common scenarios include membership portals that link to a Shopify store for purchases, mobile apps with embedded Shopify checkout, loyalty program dashboards that redirect to shop for reward redemption, and marketing sites with gated content that link to a Shopify storefront.
Multipass requires Shopify Plus. It's not available on Basic, Shopify, or Advanced plans. If you're on a lower plan and need SSO, third-party apps like those from miniOrange or Okta offer alternative approaches — but none match Multipass's native integration depth.
Multipass tokens are single-use and expire after 15 minutes. This means you generate them on-the-fly when the customer clicks through — never pre-generate tokens in advance or embed them in static HTML.
Multipass is Shopify Plus's native SSO that eliminates the double-login problem between your external site and Shopify store — one token, one redirect, zero friction.
Map every customer touchpoint where users transition from your external system to Shopify — each of those is a friction point that Multipass can eliminate.
Multipass works with all Shopify customer features — accounts, order history, saved addresses, and loyalty program data all sync through the authenticated session.
Setup starts in your Shopify admin. Navigate to Settings > Customer accounts. In the Multipass section, click "Turn on" to enable the feature.
Once enabled, Shopify generates a Multipass secret — a long string that you'll use to encrypt tokens. Copy this secret immediately and store it securely. You'll need it in your server-side code. Never expose this secret in client-side JavaScript, public repositories, or logs.
Configure your customer account settings. Multipass works with both classic customer accounts and the new customer account experience. For the smoothest integration, enable "Allow customers to log in from the Online Store or Checkout" so Multipass tokens can create new accounts automatically.
If you want Multipass to create new customer accounts when they don't exist, ensure the "Customer accounts" setting is set to "Optional" or "Required." With "Disabled" accounts, Multipass won't work because there's no customer account system to log into.
Test the setup before writing any code. You can verify Multipass is active by checking that the Settings > Customer accounts page shows the Multipass section as "On" with the secret visible. If you don't see the Multipass section, confirm your store is on a Shopify Plus plan.
Enable Multipass in Settings > Customer accounts, copy the generated secret, and store it securely — the secret is required for token generation.
Store your Multipass secret in environment variables or a secrets manager — never hardcode it in source files or commit it to version control.
Multipass integrates with Shopify's customer account system — tokens can create new accounts or log into existing ones based on email matching.
Multipass tokens are generated server-side using the secret from your Shopify admin. The process uses AES-256-CBC encryption and HMAC-SHA256 signing — all derived from the Multipass secret.
The token generation flow has four steps. First, derive two keys from the Multipass secret using SHA-256: an encryption key (first 16 bytes) and a signing key (last 16 bytes). Second, build a JSON payload with the required customer data — at minimum, the customer's email. Third, encrypt the JSON payload with AES-256-CBC using the encryption key and a random IV. Fourth, sign the encrypted data with HMAC-SHA256 using the signing key. The final token is the base64url-encoded concatenation of the encrypted data and signature.
The JSON payload supports these fields: `email` (required) — the customer's email address. `created_at` (required) — ISO 8601 timestamp of token creation. `first_name`, `last_name` (optional) — customer name. `tag_string` (optional) — comma-separated tags to apply to the customer. `identifier` (optional) — unique identifier if email isn't sufficient. `remote_ip` (optional) — customer's IP for added security. `return_to` (optional) — URL to redirect to after login.
The `return_to` field is particularly useful. Set it to the product page, collection, or checkout URL you want the customer to land on after authentication. Without it, Multipass redirects to the account page.
Libraries exist for most languages — Ruby (official Shopify gem), Python, Node.js, PHP, and Go all have community implementations. Search "shopify multipass [language]" for the most current libraries.
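The four steps above, as an added Ruby example (not the page's own code and not Shopify's official gem). It follows the documented key split: SHA-256 of the admin secret, first 16 bytes as the cipher key, last 16 bytes as the HMAC key. A 16-byte key is an AES-128 key, so the cipher is `aes-128-cbc`; the random IV is prepended to the ciphertext and the HMAC covers both. The `decode_token` method is a local test aid that reverses the scheme (Shopify does the real verification on its side); it exists so a wrong secret, a skewed clock or a stale token shows up before a redirect is ever issued. The class name, the `now:` keyword and every secret, domain and customer value are this example's own assumptions.

```ruby
require "openssl"
require "json"
require "time"

# Added example (not Shopify's code or the official gem): the four-step
# Multipass scheme plus a local decoder for checking generated tokens.
class MultipassExample
  TOKEN_LIFETIME = 15 * 60 # seconds; Shopify rejects tokens older than this

  # Step 1: SHA-256 the admin secret; first 16 bytes encrypt, last 16 sign.
  def initialize(multipass_secret)
    key_material = OpenSSL::Digest::SHA256.digest(multipass_secret)
    @encryption_key = key_material[0, 16]  # 16-byte key => AES-128-CBC
    @signature_key  = key_material[16, 16]
  end

  # Steps 2-4: JSON payload with created_at, AES-CBC under a random IV,
  # HMAC-SHA256 over IV+ciphertext, base64url of ciphertext+signature.
  # `now` is injectable so tests can pin created_at; default is wall clock.
  def generate_token(customer, now: Time.now.utc)
    payload = customer.merge("created_at" => now.iso8601)
    ciphertext = encrypt(JSON.generate(payload))
    base64url(ciphertext + sign(ciphertext))
  end

  # Redirect target for the customer; the token rides in the URL path.
  def login_url(shop_domain, customer, now: Time.now.utc)
    "https://#{shop_domain}/account/login/multipass/#{generate_token(customer, now: now)}"
  end

  # Local reverse of the scheme. Returns [status, payload] where status is
  # :ok, :malformed, :bad_signature, :bad_timestamp or :expired. These are
  # the same three things the troubleshooting advice says to check first.
  def decode_token(token, now: Time.now.utc)
    raw = base64url_decode(token)
    return [:malformed, nil] if raw.nil? || raw.bytesize < 16 + 16 + 32
    ciphertext, signature = raw[0...-32], raw[-32..]
    return [:bad_signature, nil] unless constant_time_equal?(sign(ciphertext), signature)
    payload = JSON.parse(decrypt(ciphertext).force_encoding("UTF-8"))
    age = now - Time.iso8601(payload["created_at"].to_s)
    return [:expired, payload] if age > TOKEN_LIFETIME || age < -60 # -60 tolerates small clock skew
    [:ok, payload]
  rescue OpenSSL::Cipher::CipherError, JSON::ParserError
    [:malformed, nil]
  rescue ArgumentError
    [:bad_timestamp, payload]
  end

  private

  def encrypt(plaintext)
    cipher = OpenSSL::Cipher.new("aes-128-cbc").encrypt
    cipher.key = @encryption_key
    iv = cipher.random_iv # fresh random IV for every token
    iv + cipher.update(plaintext) + cipher.final # IV prepended, as Shopify expects
  end

  def decrypt(data)
    cipher = OpenSSL::Cipher.new("aes-128-cbc").decrypt
    cipher.key = @encryption_key
    cipher.iv = data[0, 16]
    cipher.update(data[16..]) + cipher.final
  end

  def sign(data)
    OpenSSL::HMAC.digest("sha256", @signature_key, data)
  end

  # Compare MACs without an early exit on the first differing byte.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def base64url(bytes)
    [bytes].pack("m0").tr("+/", "-_")
  end

  def base64url_decode(str)
    padded = str + "=" * ((4 - str.size % 4) % 4)
    padded.tr("-_", "+/").unpack1("m0")
  rescue ArgumentError
    nil
  end
end
```

Call `login_url` at the moment the customer clicks through and redirect to the result; because the IV is random, two calls with the same payload yield different tokens, which is expected. Keep `decode_token` in tests and debugging only: in production the only party that needs to decrypt the token is Shopify.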
Tokens are generated server-side using AES-256-CBC encryption and HMAC-SHA256 signing — never generate tokens client-side or expose the secret.
Always include the `return_to` field in your token payload — redirect customers to the page they intended to visit, not the generic account page.
The `tag_string` field lets you tag customers during SSO login — use it to mark Multipass users for segmentation in Shopify admin.
Multipass tokens carry authentication authority — a valid token logs someone in without a password. Security mistakes here have real consequences.
Secret management: Store the Multipass secret in environment variables, a secrets manager (AWS Secrets Manager, HashiCorp Vault), or encrypted configuration. Never commit it to Git. Rotate the secret periodically by regenerating it in Shopify admin — note that rotation invalidates all existing tokens, so coordinate with your deployment.
Token freshness: Tokens expire after 15 minutes and are single-use. Generate tokens on-demand when the customer clicks a link — never pre-render tokens into HTML pages, cache them, or store them in databases. A stale or reused token will be rejected by Shopify.
Transport security: Always serve Multipass redirect URLs over HTTPS. The token is in the URL path, so HTTP would expose it to network observers. Shopify requires HTTPS anyway, but ensure your own site (where the token is generated) also uses HTTPS.
Input validation: Sanitize all customer data before including it in the token payload. The email field in particular should be validated — an incorrectly formatted email will cause the login to fail silently. Validate email format and normalize casing before encryption.
Rate limiting: Implement rate limiting on your token generation endpoint. An attacker who discovers the endpoint could attempt to generate tokens at scale. Limit to a reasonable rate — 10-20 requests per IP per minute is sufficient for legitimate use.
Logging: Log Multipass redirect events (without the token itself) for audit purposes. Track which customers used Multipass login, when, and from which referrer. This data helps debug integration issues and detect abuse.
Generate tokens on-demand (never cached), store the secret in environment variables, always use HTTPS, and implement rate limiting on the generation endpoint.
Set up a monitoring alert for Multipass login failures — a spike in failures often indicates a configuration issue or a token generation bug that's silently blocking customers.
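The rate-limiting and logging advice above, as an added Ruby example (not the page's code and not part of any Shopify or JeriCommerce product). It keeps a per-IP sliding window of request timestamps for the token-generation endpoint, defaulting to the page's 20-per-minute figure, and builds an audit record in which the token is cut out of the login URL before anything is written to a log. The class name, the `now:` keyword and the IP, email and referrer values in the test are constructed for the example.

```ruby
require "time"

# Added example (not from the page or Shopify): guard the token-generation
# endpoint with a per-IP sliding-window limit and emit an audit record that
# never carries the token itself.
class MultipassEndpointGuard
  def initialize(limit: 20, window: 60)
    @limit  = limit
    @window = window # seconds
    @hits   = Hash.new { |h, ip| h[ip] = [] } # ip => request timestamps (epoch seconds)
  end

  # Returns true if the request may proceed. Timestamps older than the
  # window are dropped first, so a burst a minute ago no longer counts.
  def allow?(ip, now: Time.now.to_f)
    stamps = @hits[ip]
    stamps.reject! { |t| t <= now - @window }
    return false if stamps.size >= @limit
    stamps << now
    true
  end

  # How many more requests this IP may make before the window refills.
  def remaining(ip, now: Time.now.to_f)
    [@limit - @hits[ip].count { |t| t > now - @window }, 0].max
  end

  # Matches the token segment of a Multipass login URL.
  TOKEN_PATH = %r{(/account/login/multipass/)[^/?#]*}

  # Audit record for a redirect: token replaced, customer and referrer kept
  # so that a later failure report can be matched to this event.
  def audit_record(login_url, email:, referrer:, now: Time.now.utc)
    {
      "event"    => "multipass_redirect",
      "at"       => now.iso8601,
      "email"    => email,
      "referrer" => referrer,
      "url"      => login_url.sub(TOKEN_PATH, '\1[redacted]')
    }
  end
end
```

The in-memory hash is enough for a single process; behind several app servers the timestamps need to live in a shared store, or the limit is effectively multiplied by the number of instances.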
The most powerful use of Multipass is connecting loyalty program experiences to Shopify checkout without friction. When a loyalty member clicks "Redeem Reward" in your loyalty portal, wallet pass, or mobile app, Multipass logs them into Shopify and applies their reward — all in one seamless redirect.
Here's the flow: Customer views their loyalty dashboard and clicks "Redeem 500 points for 15% off." Your system generates a Multipass token with the customer's email and a `return_to` URL pointing to the checkout or a specific product page. The discount code is either auto-applied via URL parameter or pre-loaded in the customer's draft order. Customer arrives at Shopify, already logged in, with the discount ready to use.
This eliminates the three biggest friction points in loyalty redemption: logging in, finding the reward, and applying it. Each of those steps loses customers. Multipass collapses them into a single click.
For wallet pass integration specifically, this flow is transformative. A customer taps a push notification from their loyalty wallet pass: "You've earned a reward — tap to redeem." The link generates a Multipass token and redirects to Shopify with the reward pre-applied. From notification to checkout-ready in under 3 seconds.
If you're using JeriCommerce or similar Shopify loyalty apps, check whether they handle Multipass token generation natively. Some apps include built-in SSO flows that abstract the token generation entirely — you configure the connection once and the loyalty-to-Shopify redirect works automatically.
For merchants evaluating the full loyalty stack, our loyalty cost comparison tool helps compare platforms that include SSO capabilities versus those that require separate Multipass implementation.
Multipass turns loyalty reward redemption into a one-click flow — customer taps "Redeem," gets logged into Shopify, and finds their reward pre-applied.
Map your loyalty redemption flow end-to-end: how many clicks does it take from "Redeem" to checkout? If it's more than 2, Multipass can cut it down.
Combine Multipass with Shopify's automatic discount codes — the token logs the customer in while URL parameters apply the loyalty discount, creating a seamless one-click redemption.
Wallet push notification → Multipass token → Shopify checkout with reward pre-applied = the fastest loyalty redemption flow possible, under 3 seconds.
Even experienced developers hit these issues. Here are the most common Multipass problems and their solutions.
Token rejected with no error message: Shopify redirects to the login page silently when a token is invalid. Check three things: Is the `created_at` timestamp within the last 15 minutes? Is the token being reused (tokens are single-use)? Is the Multipass secret in your code the same as the one in Shopify admin?
Customer created but not logged in: This happens when the customer account setting conflicts with Multipass. Ensure customer accounts are set to "Optional" or "Required" — not "Disabled." Also check that the email in the token matches a valid email format.
Redirect loop between your site and Shopify: Usually caused by your site detecting the customer isn't logged in (in your system) and redirecting them back to Multipass. Add a session flag after the Multipass redirect to prevent re-triggering the SSO flow.
Duplicate customer accounts: Multipass matches customers by email. If the email in your external system doesn't match the Shopify account email (e.g., different casing or a plus-alias), Multipass creates a new account. Normalize email addresses before token generation — lowercase the entire email and trim whitespace.
Multipass works in development but fails in production: Check that your production environment has the correct Multipass secret. A common mistake is deploying with a staging secret or an old rotated secret. Also verify that the clock on your production server is synchronized — a clock drift of more than 15 minutes causes token expiration failures.
`return_to` URL ignored: Shopify only accepts `return_to` URLs that point to your own Shopify store domain. External URLs are silently ignored. Ensure the path starts with `/` and doesn't include the full domain.
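The email and `return_to` problems listed above (and the input-validation advice in the security section), handled before anything is encrypted, as an added Ruby example that is not the page's code. It lowercases and trims the email so it matches the existing Shopify account rather than creating a duplicate, applies a deliberately simple format check, and accepts `return_to` only as a store-relative path (a scheme, a host, or a protocol-relative `//host` would be ignored by Shopify). `created_at` is not set here because it belongs to the moment of token generation. The module name, the `build_payload` signature and the sample values are this example's own assumptions.

```ruby
require "uri"

# Added example (not from the page or Shopify): preflight checks for a
# Multipass payload, run before the JSON is built and encrypted.
module MultipassPreflight
  # Minimal shape check; stricter validation belongs in the signup flow.
  EMAIL_RE = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/

  # Lowercase and trim so the token matches the account Shopify already has.
  # Plus-aliases are left intact: to Shopify they are a different address.
  def self.normalize_email(email)
    email.to_s.strip.downcase
  end

  # return_to must be a path on the store itself. Anything carrying a scheme
  # or host, including protocol-relative //host, is rejected up front.
  def self.valid_return_to?(path)
    return false unless path.is_a?(String) && path.start_with?("/") && !path.start_with?("//")
    uri = URI.parse(path)
    uri.scheme.nil? && uri.host.nil?
  rescue URI::InvalidURIError
    false
  end

  # Returns [payload, errors]; payload is nil whenever any check fails so a
  # caller cannot accidentally encrypt a payload that Shopify will reject.
  def self.build_payload(email:, return_to: nil, first_name: nil, last_name: nil, tags: [])
    errors = []
    email = normalize_email(email)
    errors << "invalid email" unless email.match?(EMAIL_RE)
    if return_to && !valid_return_to?(return_to)
      errors << "return_to must be a path on the store, e.g. /collections/rewards"
    end
    return [nil, errors] unless errors.empty?

    payload = { "email" => email }
    payload["first_name"] = first_name if first_name
    payload["last_name"]  = last_name if last_name
    payload["return_to"]  = return_to if return_to
    tag_string = tags.map { |t| t.to_s.strip }.reject(&:empty?).join(",")
    payload["tag_string"] = tag_string unless tag_string.empty?
    [payload, []]
  end
end
```

Feed the returned payload to the token generator; surface the `errors` array in the debug endpoint so a failed login can be explained on your side rather than as Shopify's silent bounce to the login page.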
Most Multipass failures are silent — the customer lands on the login page with no error. Always check token freshness, secret matching, and email format first.
Build a Multipass debug endpoint that generates a token, redirects to Shopify, and logs the result — use it to quickly verify the integration after any change.
Multipass requires Shopify Plus, which starts at $2,300/month. If you're on a standard Shopify plan, here are SSO alternatives that cover common use cases.
Third-party SSO apps: miniOrange, Okta, and Auth0 offer Shopify SSO integrations that work on standard plans. These typically use OAuth 2.0 or SAML instead of Multipass tokens. The integration is less seamless — there's usually a brief redirect and loading screen — but it achieves the same end result: one login across systems.
Shopify Customer Account API: For headless Shopify implementations (Hydrogen, custom storefronts), the Customer Account API provides authentication flows without Multipass. You manage customer sessions through API tokens instead of redirect-based SSO.
Deep linking with pre-filled data: If full SSO isn't feasible, reduce friction by deep-linking customers from your external site to Shopify with pre-filled data (email, name) via URL parameters. The customer still needs to log in, but the form is partially completed. Not true SSO, but it cuts friction significantly.
Wallet pass as identity bridge: For loyalty-focused use cases, wallet passes can serve as a lightweight identity layer. The wallet pass contains the customer's identifier, and when scanned at Shopify POS or presented online, it links to the customer profile without requiring a separate login. This approach works on all Shopify plans and covers the most common loyalty SSO need — identifying customers at checkout.
For most merchants, the wallet pass approach is the pragmatic choice. It solves the core problem (identifying loyalty members seamlessly) without the $2,300/month Shopify Plus requirement. See our guide on creating wallet loyalty cards on Shopify for the implementation walkthrough.
Non-Plus stores can achieve SSO-like experiences through third-party apps (miniOrange, Auth0), the Customer Account API for headless builds, or wallet passes as a lightweight identity bridge.
If Multipass is your only reason for considering Shopify Plus, evaluate wallet pass-based identity first — it covers most loyalty SSO needs at a fraction of the cost.
Shopify's Customer Account API provides programmatic authentication for headless stores, while wallet passes offer a no-code identity layer for standard plans.
Wallet passes serve as a lightweight SSO alternative — the pass identifies the customer at POS and online checkout without requiring Shopify Plus or Multipass tokens.
Shopify Multipass eliminates the friction of double login between your external systems and Shopify store. The implementation requires Shopify Plus and server-side token generation, but the payoff — higher conversion, seamless loyalty redemption, and a unified customer experience — justifies the technical investment. For non-Plus stores, wallet pass-based identity offers a lightweight alternative that covers most loyalty SSO needs.
JeriCommerce integrates with Shopify to deliver seamless loyalty experiences — wallet passes that identify customers at checkout, automatic points updates, and push notifications, all without requiring Multipass or Shopify Plus.
JeriCommerce delivers wallet-based loyalty on Shopify: customers are identified at checkout via wallet pass, with no Multipass or Plus required.