Issues with reset password and activation emails

GraphQL Admin API Troubleshooting
1

We’re having problems with some users where the reset password email may show one of these problems:

  1. The user does not receive the email
  2. The link in the email redirects to /account/invalid_token
  3. The link doesn’t appear in the email – i.e. the button to reset is there, but it’s not clickable

(The above can happen with the account activation emails but I don’t think we trigger them via Graphql)

The query is:

#graphql
  mutation customerRecover($email: String!) {
    customerRecover(email: $email) {
      customerUserErrors {
        code
        field
        message
      }
    }
  }

The endpoint we’re using is: /api/2024-01/graphql.json

Any suggestions as to how this can be addressed?

1 Like
2

Hey @j_user,

Thanks for reporting this here. Off hand, I do notice you’re using an outdated endpoint so you may want to update that to a current version.

The mutation itself is correct though so I don’t see the version causing issues here. Do you by chance have the x-request-id from the mutation where it resulted in unexpected behavior?

Also, is this happening on a single shop or are you noticing this happening across multiple shops? How frequently do you notice this happening?

4

Thanks for your reply.

I’ve got three x-request-id from two different accounts:

  1. Account A (failed request): 93678c3b-45a0-4ab3-bae2-28024f66fa05-1752485222
  2. Account B (failed request): 216162c0-cd4b-4790-9255-aaba5f76136b-1752488672
  3. Account B (successful request): ee1b8da2-c403-4e6c-9c85-799da8c0d688-1752488904

These were requests to reset the password and uses 2025-07 version. They both exhibit issue where the link in the email redirects to /account/invalid_token.

It’s happening on a single shop (I don’t have any other stores to compare it to). I don’t have any data on the frequency across different users, but at least with the Account A above, it seems to consistently result in one of the issues I mentioned in the initial post.

6

Hi. Not sure if this helps but we have a very similar issue in our shop as well: BUG: Account invite and password reset email not working

Difference is that we don’t use the API to trigger the password reset/account invite.

7

Yeah I saw the link back to my post. I think I’ll be discussing my issue via a support ticket now, but I’ll keep this thread updated. Hopefully we can get it solved soon!

1 Like
8

That would be very nice, thank you!

9

Hey @Marco_Bogner and @j_user,

I’ve been doing some digging in here. Can you tell me if re-sending a second time works?

11

Hi @KyleG-Shopify Yes, in my case resending usually works.

12

Mine doesn’t seem consistent between accounts. Account A I mentioned above seems to consistently have a problem. Account B has had random issues where the link wouldn’t be clickable (maybe about 2/3 times it would work), but for the first time when I tested to get the x-request-id I got the issue where we got the invalid token issue, and then the test after that was fine.