Token login allows authenticated users access to their Swell-hosted account and order information without needing to log in a second time. This is useful for sellers and merchants that have an existing third-party user authentication service and wish to use it in their Swell store.

For example, let’s say you’re a merchant who manages a blog and a Swell store. When a customer logs in to your blog, token login also lets them access their Swell account. This saves customers from having to log in twice.

Swell uses the bycrpt algorithm to hash passwords.

To bypass the standard Swell user login, generate a password token on the backend using the Swell API and then send it to the client application.

Make a request from your front-end app to your server.
const response = await axios.get('/api/generateToken', {
  params: {
    email: '<user email>'
const token =;

Generate a token within your server-side API route or backend service.
const email =

// Respond with password_token created on the account object
const response = await swell.put(`/accounts/${email}`, {
  password_token: null


Login client app with returned token.
await swell.account.login('<email>', {
  password_token: token

Great job—you have successfully set up token login for your store. Check out our core concepts guide series for more details about Swell models and their usage.