Snipcart is a headless e-commerce engine that overlays on any website. It manages two distinct user types: merchant team members who access the Snipcart dashboard, and customers who create accounts during checkout. Team management happens in the Snipcart dashboard, while customer management uses both the dashboard and the REST API.
How Snipcart User Management Works
Snipcart separates concerns clearly:
- Merchant Account -- The Snipcart subscription holder (billing owner)
- Team Members -- Collaborators invited to the Snipcart dashboard with role-based access
- Customers -- Shoppers who create accounts during checkout for order tracking and saved addresses
Snipcart does not manage CMS users. Your website platform (WordPress, Next.js, Hugo, etc.) handles its own authentication separately from Snipcart.
Adding Team Members
- Log in to the Snipcart dashboard at https://app.snipcart.com
- Click your account name in the bottom-left corner
- Select Team from the account menu
- Click Invite team member
- Enter the team member's email address
- Select their role:
  - Owner -- Full access including billing, API keys, and team management
  - Admin -- Full access except billing management
  - Support -- Can view orders, manage customers, process refunds
  - Developer -- Access to API keys, webhooks, and custom configurations
- Click Send invitation
The invited user receives an email to accept the invitation. If they do not have a Snipcart account, they create one during the acceptance flow.
Managing Customers
Viewing Customers in the Dashboard
- Navigate to Customers in the left sidebar of the Snipcart dashboard
- Search by name, email, or order number
- Click a customer to view their profile:
  - Order history
  - Saved addresses
  - Total spent and order count
  - Account status
Creating Customers via REST API
Snipcart customers are typically created during checkout, but you can manage them via the API:
# List all customers
curl "https://app.snipcart.com/api/customers?limit=20&offset=0" \
  -H "Accept: application/json" \
  -u "YOUR_SECRET_API_KEY:"

# Get a specific customer
curl "https://app.snipcart.com/api/customers/{customerId}" \
  -H "Accept: application/json" \
  -u "YOUR_SECRET_API_KEY:"

# Update a customer
curl -X PUT "https://app.snipcart.com/api/customers/{customerId}" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -u "YOUR_SECRET_API_KEY:" \
  -d '{
    "email": "jane@example.com",
    "billingAddress": {
      "fullName": "Jane Developer",
      "address1": "123 Main St",
      "city": "Portland",
      "province": "OR",
      "postalCode": "97201",
      "country": "US"
    }
  }'
Customer Account Creation via JavaScript
Snipcart provides client-side methods for customer management:
<!-- Add a customer login/register button to your site -->
<button class="snipcart-customer-signin">
  My Account
</button>
<!-- Snipcart handles the authentication modal automatically -->
<script>
  // Listen for customer sign-in events
  document.addEventListener('snipcart.ready', () => {
    Snipcart.events.on('customer.signedin', (customer) => {
      console.log('Customer signed in:', customer.email);
      // Update your site UI based on login state
    });
    Snipcart.events.on('customer.signedout', () => {
      console.log('Customer signed out');
    });
  });
</script>
Bulk User Management
Bulk Customer Export
#!/bin/bash
# Export all customers with pagination
set -euo pipefail
umask 077  # the export contains customer PII; keep it readable by the owner only

API_KEY="YOUR_SECRET_API_KEY"
OFFSET=0
LIMIT=50
ALL_CUSTOMERS="[]"

while true; do
  # -f makes curl exit non-zero on HTTP errors (e.g. a rejected API key)
  # instead of handing an error body to jq and exporting an empty file
  RESPONSE=$(curl -sf "https://app.snipcart.com/api/customers?limit=$LIMIT&offset=$OFFSET" \
    -u "$API_KEY:")
  COUNT=$(echo "$RESPONSE" | jq '.items | length')
  if [ "$COUNT" -eq 0 ]; then
    break
  fi
  # Append this page of results to the accumulated array
  ALL_CUSTOMERS=$(echo "$ALL_CUSTOMERS" | jq --argjson new "$(echo "$RESPONSE" | jq '.items')" '. + $new')
  OFFSET=$((OFFSET + LIMIT))
  echo "Fetched $OFFSET customers..."
done

echo "$ALL_CUSTOMERS" | jq -r '.[] | [.email, .billingAddress.fullName, .statistics.ordersCount, .statistics.ordersAmount] | @csv' > customers-export.csv
echo "Exported to customers-export.csv"
Bulk Customer Operations via Node.js
// bulk-customer-ops.js (requires Node.js 18+ for the built-in fetch)
const API_KEY = 'YOUR_SECRET_API_KEY';
const BASE_URL = 'https://app.snipcart.com/api';

async function snipcartRequest(endpoint, method = 'GET', body = null) {
  const options = {
    method,
    headers: {
      'Accept': 'application/json',
      'Content-Type': 'application/json',
      'Authorization': `Basic ${Buffer.from(API_KEY + ':').toString('base64')}`,
    },
  };
  if (body) options.body = JSON.stringify(body);
  const response = await fetch(`${BASE_URL}${endpoint}`, options);
  // Fail loudly on HTTP errors instead of parsing an error body as data
  if (!response.ok) {
    throw new Error(`Snipcart API returned ${response.status} for ${endpoint}`);
  }
  return response.json();
}

// Find customers who haven't ordered in 6 months
async function findInactiveCustomers() {
  const sixMonthsAgo = new Date();
  sixMonthsAgo.setMonth(sixMonthsAgo.getMonth() - 6);
  let offset = 0;
  const inactive = [];
  while (true) {
    const data = await snipcartRequest(`/customers?limit=50&offset=${offset}`);
    if (data.items.length === 0) break;
    for (const customer of data.items) {
      const lastOrder = new Date(customer.statistics.lastOrderDate);
      if (lastOrder < sixMonthsAgo) {
        inactive.push({
          email: customer.email,
          lastOrder: customer.statistics.lastOrderDate,
          totalSpent: customer.statistics.ordersAmount,
        });
      }
    }
    offset += 50;
  }
  console.log(`Found ${inactive.length} inactive customers`);
  return inactive;
}

// Report failures and exit non-zero instead of leaving an unhandled rejection
findInactiveCustomers().catch((err) => {
  console.error(err.message);
  process.exitCode = 1;
});
Removing and Deactivating Users
Removing Team Members
- Go to Account > Team in the Snipcart dashboard
- Find the team member in the list
- Click the Remove button next to their name
- Confirm the removal
The removed team member immediately loses access to the Snipcart dashboard. Their Snipcart account remains active for their own stores if they have any.
Important: You cannot remove the account owner. To transfer ownership, contact Snipcart support.
Deleting Customer Accounts
Snipcart does not provide a one-click customer deletion in the dashboard. Customer data management follows GDPR-aware practices:
Via REST API (GDPR deletion):
# Delete a customer and their personal data
# Note: This preserves order records but removes PII
curl -X DELETE "https://app.snipcart.com/api/customers/{customerId}" \
  -H "Accept: application/json" \
  -u "YOUR_SECRET_API_KEY:"
What happens to their data:
- Order history is preserved for accounting but personal details are anonymized
- Saved addresses and payment methods are permanently deleted
- The customer email is removed, preventing login
- Subscription records (if using recurring billing) are cancelled
- Abandoned carts associated with the customer are cleared
Disabling Customer Accounts
Snipcart does not have a native "disable" toggle. To effectively block a customer:
- Change their email via the API to an invalid address (prevents login)
- Or use webhook-based validation to reject their sessions:
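// Webhook endpoint to block specific customers
const express = require('express');
const app = express();
app.use(express.json()); // parse the JSON body so req.body is populated

// NOTE: this handler trusts any caller; authenticate the request before relying on it
app.post('/snipcart/webhooks', (req, res) => {
  const { eventName, content } = req.body;
  if (eventName === 'order.completed') {
    const blockedEmails = ['blocked@example.com', 'fraud@example.com'];
    // Compare in lowercase so a different letter case does not bypass the list
    if (blockedEmails.includes((content.email || '').toLowerCase())) {
      return res.json({ errors: [{ key: 'blocked', message: 'Account suspended' }] });
    }
  }
  res.json({});
});

app.listen(3000); // example port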
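The webhook handler above acts on any POST that reaches its URL. The following is an added example (not code from Snipcart or from the original page) that confirms the call with Snipcart before reading the body, assuming the `X-Snipcart-RequestToken` header and the `/api/requestvalidation/{token}` endpoint described in Snipcart's webhook documentation; `isGenuineSnipcartRequest`, `isBlocked` and `handleWebhook` are hypothetical helper names.

```javascript
// Added example: authenticate a Snipcart webhook call before acting on its body.
const VALIDATION_URL = 'https://app.snipcart.com/api/requestvalidation/';

// True only if Snipcart confirms it issued the request token on this call.
// fetchImpl is injectable so the check can be exercised offline.
async function isGenuineSnipcartRequest(headers, secretApiKey, fetchImpl = fetch) {
  const token = headers['x-snipcart-requesttoken']; // Node lowercases header names
  // Reject missing or implausibly long tokens without making a network call.
  if (typeof token !== 'string' || token.length === 0 || token.length > 256) return false;
  try {
    const res = await fetchImpl(VALIDATION_URL + encodeURIComponent(token), {
      headers: {
        Accept: 'application/json',
        Authorization: 'Basic ' + Buffer.from(secretApiKey + ':').toString('base64'),
      },
    });
    return res.ok; // assumption: Snipcart answers non-2xx for a token it did not issue
  } catch {
    return false; // fail closed when the validation call itself fails
  }
}

// Normalise before comparing so "Blocked@Example.com" cannot slip past the list.
function isBlocked(email, blockedEmails) {
  const needle = String(email || '').trim().toLowerCase();
  return blockedEmails.some((entry) => entry.toLowerCase() === needle);
}

// Framework-neutral handler: returns { status, body } for the caller to send.
async function handleWebhook(req, secretApiKey, blockedEmails, fetchImpl = fetch) {
  if (!(await isGenuineSnipcartRequest(req.headers || {}, secretApiKey, fetchImpl))) {
    return { status: 401, body: { error: 'invalid request token' } };
  }
  const { eventName, content } = req.body || {};
  if (eventName === 'order.completed' && isBlocked(content && content.email, blockedEmails)) {
    return { status: 200, body: { errors: [{ key: 'blocked', message: 'Account suspended' }] } };
  }
  return { status: 200, body: {} };
}
```

Inside an Express route, pass `req` to `handleWebhook` and reply with `res.status(result.status).json(result.body)`.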
SSO and Enterprise Authentication
Snipcart team authentication uses its own email/password system with optional two-factor authentication. It does not support SAML or LDAP for dashboard access.
Enabling 2FA for team members:
- Each team member navigates to their Account Settings
- Under Security, click Enable Two-Factor Authentication
- Scan the QR code with an authenticator app
- Enter the verification code to confirm
For customer-facing SSO on your website, Snipcart integrates with your site's auth system via JavaScript:
// Programmatically sign a customer into Snipcart
// when they authenticate on your site
document.addEventListener('snipcart.ready', () => {
  // After your site authenticates the user
  yourAuthSystem.onLogin((user) => {
    Snipcart.api.customer.signin(user.email, user.snipcartToken);
  });
});
Access Audit Checklist
- Review team members under Account > Team quarterly
- Verify each team member's role matches their current responsibilities
- Audit API key usage under Account > API Keys (rotate keys if team members with Developer access leave)
- Review webhook endpoints for any that point to decommissioned servers
- Check customer list for test accounts created during development
- Verify 2FA is enabled for all team members with Owner or Admin roles
- Review Snipcart's billing to ensure team member count aligns with expectations
- Document all team and API key changes in your access management log