Customers
A customer is the buyer-side identity. Customers can have many orders, many addresses, and many stored payment methods.
Object
| Field | Type | Notes |
|---|---|---|
id | string | cust_… |
email | string | Unique within tenant, case-folded |
name | string? | Display name |
phone | string? | E.164 |
addresses[] | array | Default address has is_default: true |
default_currency | string | ISO 4217 |
metadata | object | |
created_at | timestamp |
Endpoints
| Method | Path | Purpose |
|---|---|---|
GET | /v1/customers | List |
POST | /v1/customers | Create |
GET | /v1/customers/{id} | Retrieve |
PATCH | /v1/customers/{id} | Update |
DELETE | /v1/customers/{id} | Anonymise (GDPR-compliant) |
POST | /v1/customers/{id}/merge | Merge target into source |
Merging customers
A common shape: a returning customer signs up with a different email and the storefront creates a new identity. Merge consolidates everything onto the older record.
curl -sS https://api.zephyrcart.io/v1/customers/cust_OLDER/merge \
-H "Authorization: Bearer $ZEPHYR_API_KEY" \
-d '{ "target": "cust_NEWER" }'
What moves:
- All carts, orders, and refunds.
- All stored payment methods (deduplicated by fingerprint).
- All addresses (deduplicated by normalised form).
- All metadata (
targetwins on conflict).
The target customer is then deleted. The operation is not reversible — keep a backup if you
need one.
Anonymisation
DELETE /v1/customers/{id} does not hard-delete. It clears PII (email, name, phone,
addresses), marks the record status=anonymised, and preserves the order history for
accounting. Hard deletion requires a separate, audited support ticket.