AdobeDocs · keharper · Nov 20, 2025 · Nov 13, 2025 · Nov 20, 2025 · Nov 20, 2025
diff --git a/src/data/navigation/sections/graphql.js b/src/data/navigation/sections/graphql.js
@@ -585,7 +585,11 @@ module.exports = [
               },
               {
                 title: "exchangeExternalCustomerToken",
-                path: "/graphql/schema/customer/mutations/create-external-customer-token/",
+                path: "/graphql/schema/customer/mutations/exchange-external-customer-token/",
+              },
+              {
+                title: "exchangeOtpForCustomerToken",
+                path: "/graphql/schema/customer/mutations/exchange-otp-customer-token/",
               },
               {
                 title: "generateCustomerToken",

diff --git a/src/pages/graphql/schema/customer/mutations/exchange-otp-customer-token.md b/src/pages/graphql/schema/customer/mutations/exchange-otp-customer-token.md
@@ -0,0 +1,48 @@
+---
+title: exchangeOtpForCustomerToken mutation
+edition: saas
+---
+
+# exchangeOtpForCustomerToken mutation
+
+The `exchangeOtpForCustomerToken` mutation allows you to specify a shopper's email address and one-time password (OTP) and receive a customer token in exchange. This mutation is typically used in scenarios where a customer needs to authenticate using an OTP sent to their email or phone.
+
+Upon successful exchange, the module invalidates the OTP so it cannot be reused. The endpoint also integrates with reCAPTCHA configuration to mitigate automated abuse.
+
+## Syntax
+
+`mutation: {
+    exchangeOtpForCustomerToken(email: String!, otp: String!) {CustomerToken}}`
+
+## Example usage
+
+The following example uses the specified email and one-time password (OTP) to return a customer token.
+
+**Request:**
+
+```graphql
+mutation {
+  exchangeOtpForCustomerToken(
+    email: "[email protected]"
+    otp: "gTQySBnj2w4ql9EL6XdnF267mzkK3cQG"
+  ) {
+    token
+  }
+}
+```
+
+**Response:**
+
+```json
+{
+  "data": {
+    "exchangeOtpForCustomerToken": {
+      "token": "<customer-access-token>"
+    }
+  }
+}
+```
+
+## Related topic
+
+*  [customer query](../queries/customer.md)
diff --git a/src/pages/graphql/schema/customer/mutations/index.md b/src/pages/graphql/schema/customer/mutations/index.md
@@ -21,6 +21,8 @@ The customer mutations allow you to perform the following operations:
 * Manage customer tokens and passwords
 
   * [`changeCustomerPassword`](change-password.md)
+  * [`exchangeExternalCustomerToken`](exchange-external-customer-token.md)
+  * | [&#8203;<Edition name="saas" />`exchangeOtpForCustomerToken`](exchange-otp-customer-token.md)
   * [`generateCustomerTokenAsAdmin`](generate-token-as-admin.md)
   * [`generateCustomerToken`](generate-token.md)
   * [`requestPasswordResetEmail`](request-password-reset-email.md)

diff --git a/src/pages/graphql/usage/protected-mutations.md b/src/pages/graphql/usage/protected-mutations.md
@@ -44,7 +44,7 @@ The following table lists the forms and mutations that can be configured to requ
 
 Field name | Mutation
 --- | ---
-Enable for Customer Login | `generateCustomerToken`
+Enable for Customer Login | `generateCustomerToken`,<br/><Edition name="saas" /> `exchangeOtpForCustomerToken`
 Enable for Forgot Password | `changeCustomerPassword`
 Enable for Create New Customer Account | `createCustomer`, `createCustomerV2`
 Enable for Edit Customer Account | `updateCustomer`, `updateCustomerV2`