/services/webshop/v1/customer/auth/invitation/accept
Public
Submitted by the storefront's accept-invitation page after the customer clicks the link from their invitation email. Validates the token, sets the customer's password, marks the email verified (reaching the inbox + entering the token proves ownership) and issues a sanctum bearer token so the customer is signed in immediately.
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
project_id |
integer | Yes | 1 |
|
email |
string (email)
max: 191 |
Yes | jane@example.com |
|
token |
string | Yes | 7K3xLq9mP2rN5vB8yT6wF4jH1sA0cE |
|
password |
string
max: 191 |
Yes | correct-horse-battery-staple |
|
password_confirmation |
string
max: 191 |
Yes |
| Header | Type | Description | Example |
|---|---|---|---|
X-RateLimit-Limit |
integer | Maximum number of requests allowed per minute | 60 |
X-RateLimit-Remaining |
integer | Number of requests remaining in the current window | 57 |
| Field | Type | Description |
|---|---|---|
error |
boolean | |
message |
string | |
data |
object | |
data.customer |
object | |
data.token |
null |
| Header | Type | Description | Example |
|---|---|---|---|
X-RateLimit-Limit |
integer | Maximum number of requests allowed per minute | 60 |
X-RateLimit-Remaining |
integer | Number of requests remaining in the current window | 57 |
| Field | Type | Description |
|---|---|---|
error |
boolean | |
message |
string | |
data |
mixed[] |
| Field | Type | Description |
|---|---|---|
message |
string | Errors overview. |
errors |
object | A detailed description of each field that failed validation. |
| Header | Type | Description | Example |
|---|---|---|---|
X-RateLimit-Limit |
integer | Maximum number of requests allowed per minute | 60 |
X-RateLimit-Remaining |
integer | Number of requests remaining in the current window | 57 |
Retry-After |
integer | Seconds until the rate limit resets | 60 |
| Field | Type | Description |
|---|---|---|
error |
boolean | |
message |
string |
curl -X POST "https://api.wemasy.nl/api/services/webshop/v1/customer/auth/invitation/accept" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
"project_id": 1,
"email": "jane@example.com",
"token": "7K3xLq9mP2rN5vB8yT6wF4jH1sA0cE",
"password": "correct-horse-battery-staple",
"password_confirmation": "string"
}'fetch('https://api.wemasy.nl/api/services/webshop/v1/customer/auth/invitation/accept', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_API_TOKEN',
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: JSON.stringify({
"project_id": 1,
"email": "jane@example.com",
"token": "7K3xLq9mP2rN5vB8yT6wF4jH1sA0cE",
"password": "correct-horse-battery-staple",
"password_confirmation": "string"
})})
.then(r => r.json())
.then(data => console.log(data));$response = Http::withToken('YOUR_API_TOKEN')
->accept('application/json')
->post('https://api.wemasy.nl/api/services/webshop/v1/customer/auth/invitation/accept', {
"project_id": 1,
"email": "jane@example.com",
"token": "7K3xLq9mP2rN5vB8yT6wF4jH1sA0cE",
"password": "correct-horse-battery-staple",
"password_confirmation": "string"
});
$data = $response->json();import requests
headers = {
"Authorization": "Bearer YOUR_API_TOKEN",
"Accept": "application/json"
}
data = {
"project_id": 1,
"email": "jane@example.com",
"token": "7K3xLq9mP2rN5vB8yT6wF4jH1sA0cE",
"password": "correct-horse-battery-staple",
"password_confirmation": "string"
}
r = requests.post("https://api.wemasy.nl/api/services/webshop/v1/customer/auth/invitation/accept", headers=headers, json=data)
print(r.json()){
"customer": {
"id": 42,
"email": "jane@example.com",
"firstname": "Jane",
"lastname": "Doe",
"email_verified_at": "2026-05-12T12:00:00Z"
},
"token": "1|plaintext-sanctum-token-here",
"message": "Welcome! Your account is ready."
}