Get customer details
Returns the authenticated customer’s profile + store-level metrics.
Customer-self authentication required. Provide exactly one of:
x-auth-token— Galactic Core customer session JWT (issued by/v1/auth/loginor/v1/auth/verify-otp). The token must resolve to a customer whoseidequals the{id}path parameter.x-external-auth— bring-your-own-auth assertion: a base64url-encoded JSON claim{external_id, iat, exp}followed by.and the base64url HMAC-SHA256 signature of the claim using the store’shmac_secret. Theexternal_idmust resolve to a customer whoseidequals the{id}path parameter. The claim’s lifetime (exp - iat) must not exceed 300s.
Mismatch on either path returns 403. Providing both headers returns 400.
Authorizations
API Key Authentication
Use your API key in the Authorization header:
Key Types:
Secret Keys (Server-Side Only):
- Format:
tybrite_sk_live_*(production) ortybrite_sk_test_*(sandbox) - Full read/write access to all endpoints
- ⚠️ NEVER expose in client-side code or public repositories
- Required for: write operations, authentication, payment verification, AI recommendations
Publishable Keys (Client-Safe):
- Format:
tybrite_pk_live_*(production) ortybrite_pk_test_*(sandbox) - Read-only access (GET requests only, plus POST semantic search)
- ✅ Safe for client-side JavaScript, mobile apps, and public code
- Allowed for: browsing products, search, CMS content, pricing queries
Endpoint-Specific Requirements:
- Authentication endpoints (
/v1/auth/*): Secret key required - Payment verification (
POST /v1/payments/verify): Secret key required - AI Recommendations (
POST /v1/recommendations): Secret key required - Semantic Search (
POST /v1/search): Both key types allowed (read-only operation) - All write operations: Secret key required
- All read operations: Both key types allowed
Using a publishable key for restricted operations returns 403 Forbidden.
Headers
Galactic Core customer session access_token from /v1/auth/login or /v1/auth/verify-otp. The resolved customer must match the {id} path parameter. Provide this OR x-external-auth, not both.
Bring-your-own-auth assertion for stores that manage authentication in an external identity provider (Auth0, Clerk, Cognito, Firebase, NextAuth, SSO).
Format: <base64url(JSON)>.<base64url(HMAC-SHA256(JSON))> where the JSON is { "external_id": "...", "iat": <unix>, "exp": <unix> } and the HMAC is keyed on the store's hmac_secret. Claim lifetime capped at 300 seconds. Provide this OR x-auth-token, not both.
Path Parameters
Query Parameters
Comma-separated list of fields to include in the response.
Allowed Fields:
id,name,email,phone,address,statusjoin_date,total_purchases,last_purchasecreated_at,updated_atstore_metrics,store_metrics.*
Response
Success
The customer's address, or null if not on file.
active, inactive The customer's loyalty/spend tier, derived from their purchase history. New
customers start at bronze.
bronze, silver, gold, platinum "bronze"
Optional identifier from an external identity provider (Auth0, Clerk, Cognito, Firebase, NextAuth, etc). Unique per store + environment. Set this when you manage authentication outside Galactic Core and need a stable handle to map your upstream user back to the Galactic Core customer record.
"auth0|66a3f8c2b1d9c204a1f7e3d1"
Whether the customer has opted in to marketing communications. Defaults to false (opt-in). Set this from your storefront's marketing opt-in checkbox at sign-up, checkout, or in the customer's account preferences. When true, the customer is eligible to be subscribed to the store's connected marketing tools.
true
Timestamp of the customer's most recent purchase, or null if they have not purchased yet.
The customer's total redeemable store-credit balance. Store credit is
issued when a customer accepts a store-credit offer on a return, and can
be applied at checkout (see apply_store_credit on POST /v1/orders).
25
Aggregated purchase metrics for the customer, or null until they have purchase history.
Whether this customer record belongs to the live or test environment.
production, sandbox "production"

