Authentication
On this page
BigCommerce has five different APIs that let you manage store data, log in customers, make client-side queries for product information, and more. Each requires a different authentication method.
REST APIs
Requests to BigCommerce’s V2 and V3 REST APIs require you to pass an access token in the header. For instructions on generating this credential, see Obtaining Store API Credentials.
Storefront API
The Storefront API is unauthenticated, allowing you to make client-side requests for carts, checkouts, and orders using JavaScript.
GraphQL Storefront API
There are two ways to authenticate with the GraphQL API:
- Via a Storefront API token passed in your request’s header.
- Passing a token from within a Stencil theme in your request’s header.
For more details, see GraphQL API Authentication.
Customer Login API
The Customer Login API requires authentication via a JWT token and your app’s OAuth client ID.
For details, see Customer Login API.
Current Customer API
Your application’s client ID must be included in the Current Customer API request to receive a response. For details, see Current Customer API.