UserClientService
Authentication · UserClientService
It is important to read the sections Why this shape and Reference example and production readiness on Authentication before relying on this page. They explain why the default BFF-centred pattern exists, how you can extend or replace it, and what the reference implementation does and does not promise for production.
This guide explains UserClientService in the Commercetools API integration: it builds API clients that attach the current user’s access token for routes such as /me and other customer-scoped calls. That differs from client-credentials clients used for server-wide work.
Role
Commercetools separates client credentials (machine context) from user tokens (customer context). UserClientService targets user tokens: it reads the access token from the request (through the token provider), rebuilds the client when the token changes, and stays request-scoped so parallel requests do not pick up the wrong customer.
It works alongside TokenStorageService for encrypted cookie access and the auth integration for token validity.
When to use it
Choose this service when a BFF feature must call Commercetools as the logged-in customer—profile, customer cart, orders, or any API that needs the user’s OAuth token. For admin or other non-user calls, use the client-credentials client from the same integration.