Dev Center
Dev Center
API Docs
API Reference
Theme Docs
Tools
Library
Blog
Changelog
My Apps
Create Account
No results found.
Getting Started
Quick Start
About Our APIs
Authenticating BigCommerce APIs
V2 and V3 REST API Authentication
Filtering
Best Practices
API Status Codes
Deprecations and Sunsets
Storefront APIs
Overview
GraphQL
REST
Add to Cart URLs
Customer Login API
Current Customer API
Passwordless Login
Tutorials
Management APIs
Catalog
Customers
Email Templates
new
Orders
Order Refunds
Payment Processing
Price Lists
Pricing Order
reference
Scripts
Settings
Shipping
Widgets
Webhooks
Provider APIs
Shipping Providers
Tax Providers
new
Building Apps
Quick Start
Guide
Tutorials
Building Channels
Quick Start
Guide
Tutorials
Building Headless Storefronts
Guide
Embedded Checkout
Next.js Commerce
Building Checkouts
Checkout Customizability
Managing Currencies
Guide
Partner Information
Becoming A Partner
Getting Started
Staying Current with Platform Changes
POS Solutions
ERP Solutions
PIM Solutions
OMS Solutions
Marketing Solutions
Shipping Solutions
Payment Solutions

Authentication

BigCommerce has five different APIs that let you manage store data, log in customers, make client-side queries for product information, and more. Each requires a different authentication method.

REST APIs

Requests to BigCommerce’s V2 and V3 REST APIs require you to pass an access token in the header. For instructions on generating this credential, see Obtaining Store API Credentials.

Storefront API

The Storefront API is unauthenticated, allowing you to make client-side requests for carts, checkouts, and orders using JavaScript.

GraphQL Storefront API

There are two ways to authenticate with the GraphQL API:

  1. Via a Storefront API token passed in your request’s header.
  2. Passing a token from within a Stencil theme in your request’s header.

For more details, see GraphQL API Authentication.

Customer Login API

The Customer Login API requires authentication via a JWT token and your app’s OAuth client ID.

For details, see Customer Login API.

Current Customer API

Your application’s client ID must be included in the Current Customer API request to receive a response. For details, see Current Customer API.