Customer accounts and security
Understand how FastSpring creates, secures, and manages customer data.
Each transaction or rebill within your FastSpring store is associated with a customer account.
- New Accounts: If a customer completes a transaction with an email address not associated with an existing account, FastSpring automatically creates a new account using the contact information provided at checkout.
- Rebills: If the customer purchases an automatic rebill subscription, FastSpring also stores a tokenized version of their payment method for future charges.
Account IDs and constraints
Each customer account is assigned a unique Account ID. FastSpring associates all subsequent orders in your store that contain that email address with this ID.
Note: FastSpring uses the combination of store and email address to identify accounts.
- If an existing customer places an order with a new email address, FastSpring creates a new account with a new ID.
- If an existing customer places an order in a separate store (even with the same email), they will have a separate account ID for that store.
To track new accounts programmatically, subscribe to the account.created and order.completed webhook events.
Stored information
FastSpring associates specific data with each customer account. We do not store sensitive raw payment data.
| Data Type | Description |
|---|---|
| Customer Information | First and last name, country, preferred language, email address, and phone number. The street address is stored only if you collect it at checkout. |
| Custom User IDs | If you pass a custom account ID when you create an account, FastSpring stores it with the associated customer information. You can use the API to retrieve this later. |
| Payment Tokens | Tokenized payment references used for recurring billing. See Payment security below for details. |
Payment security
FastSpring does not store raw credit card, PayPal, or SEPA information. Instead, we tokenize the information and store the token with the account.
Tokenization only occurs if one of the following is true:
- The order contains one or more automatic or managed subscriptions.
- The customer selected the Securely save payment details for automated subscription renewal checkbox for a manual-renewal subscription.
Note: If a customer opts out of saving payment info, their subscription converts to a manual renewal subscription.
Data Visibility: FastSpring does not share stored payment tokens with anyone. Customers can view the last four digits of their credit card in their Account Management portal, but only they can see it.
API management
You can use the FastSpring API to retrieve, create, or update customer information programmatically. This is essential if you maintain your own authentication system or external user database and need to keep records in sync.
Find an Account ID by looking up an associated Order ID or Subscription ID.
Retrieve name, email, phone, and company data.
Push updates to customer contact details via the API.
Updating account records
If you need to change customer details (e.g., a user updates their profile on your site), you must use the /accounts API endpoint to update the FastSpring record.
Warning: If you pass new customer information when setting up a new order for an existing Account ID, FastSpring does not automatically update the account record with that new data.
Updated about 6 hours ago