Generate a customer impersonation token via the GraphQL Admin API using POST /graphql with the customerImpersonationToken mutation, providing the customerId and channelId; this returns a short-lived token
Create a cart on behalf of the logged-in customer using the Storefront GraphQL API with the generated impersonation token in the Authorization: Bearer header; include customerId in the createCart mutation input
Fetch the checkoutUrl from the cart via the Storefront GraphQL API cartQuery; the URL will include the customer session context
Render Embedded Checkout by calling embedCheckout({ containerId: 'checkout', url: checkoutUrl }) with the SDK; the iFrame will display the checkout pre-populated with the customer's saved addresses and payment methods
Pass the channelId to all Storefront API requests to scope cart and checkout to the correct storefront channel in a multi-storefront setup
Test customer-specific checkout behavior (saved cards, loyalty points) by using a test customer account with known credentials in your staging environment
Known gotchas
Customer impersonation tokens have a short lifespan — generate them server-side immediately before use and do not cache or reuse them across sessions
The customerImpersonationToken GraphQL mutation requires a store-level API account token with store_v2_customers_read_only scope or higher; standard app API tokens may not have sufficient permissions
Embedded Checkout in a multi-storefront setup requires the channelId to be correct for the storefront channel — using the wrong channel ID results in incorrect pricing, tax, or shipping options
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp