Storefront Token

  • Host: api.bigcommerce.com/stores/{$$.env.store_hash}/v3
  • Protocols: https
  • Accepts: application/json
  • Responds With: application/json

An OpenAPI Document for Storefront API Token generation via the BigCommerce v3 API.

OAuth Scopes

UI Name | Permission | Parameter
Storefront API Customer Impersonation Tokens | manage | store_storefront_api_customer_impersonation
Storefront API Tokens | manage | store_storefront_api

For more information on OAuth Scopes, see: Authentication.

Authentication

Requests can be authenticated by sending a client_id and access_token via X-Auth-Client and X-Auth-Token HTTP headers:

GET /stores/{$$.env.store_hash}/v3/catalog/summary
host: api.bigcommerce.com
Accept: application/json
X-Auth-Client: {client_id}
X-Auth-Token: {access_token}

Header | Parameter | Description
X-Auth-Client | client_id | Obtained by creating an API account or installing an app in a BigCommerce control panel.
X-Auth-Token | access_token | Obtained by creating an API account or installing an app in a BigCommerce control panel.

For more information on Authenticating BigCommerce APIs, see: Authentication.

Available Endpoints

Resource / Endpoint | Description
Storefront API Token | Create Auth Tokens for use with Storefront APIs
Storefront Customer Impersonation Token | Create a storefront API token for customer impersonation

Creating Customer Impersonation Tokens

It's possible to generate tokens for use in server-to-server interactions with a trusted consumer by POSTing to the API Token Customer Impersonation Endpoint with the X-Bc-Customer-Id header set to the customer’s ID:

POST /stores/{$$.env.store_hash}/v3/storefront/api-token-customer-impersonation
host: api.bigcommerce.com
X-Auth-Client: {client_id}
X-Auth-Token: {access_token}
X-Bc-Customer-Id: {customer_id}

Revoking Tokens

To revoke tokens, send a DELETE request to the Revoke a Token endpoint and include the JWT in the Sf-Api-Token header:

DELETE /stores/{$$.env.store_hash}/v3/storefront/api-token-customer-impersonation
host: api.bigcommerce.com
X-Auth-Client: {client_id}
X-Auth-Token: {access_token}
Sf-Api-Token: {jwt}
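
Added example, not part of the BigCommerce documentation: Python helpers that build (without sending) the impersonation and revocation requests described above, validate the values placed in the URL and headers, and mask credential headers before logging. The alphanumeric store hash, the numeric customer ID, and the `body` parameter are assumptions; the request body fields are not listed on this page.

```python
import json
import re
import urllib.request

# Host and path as given on this page; nothing is sent over the network here.
URL = "https://api.bigcommerce.com/stores/{}/v3/storefront/api-token-customer-impersonation"
SECRET_HEADERS = {"x-auth-token", "sf-api-token"}  # values that must not reach logs


def _url_and_auth(store_hash, client_id, access_token):
    # Assumption: store hashes are alphanumeric. Rejecting anything else keeps
    # caller-supplied input from rewriting the URL path.
    if not re.fullmatch(r"[A-Za-z0-9]+", store_hash):
        raise ValueError("unexpected characters in store_hash")
    return URL.format(store_hash), {
        "Accept": "application/json",
        "X-Auth-Client": client_id,
        "X-Auth-Token": access_token,
    }


def build_impersonation_request(store_hash, client_id, access_token, customer_id, body):
    """POST that asks for a token acting as one customer (server-to-server only)."""
    url, headers = _url_and_auth(store_hash, client_id, access_token)
    # Digits only (assumption): a customer ID taken from user input must not
    # carry CR/LF or extra header text into X-Bc-Customer-Id.
    if not re.fullmatch(r"[0-9]+", str(customer_id)):
        raise ValueError("customer_id must be numeric")
    headers["X-Bc-Customer-Id"] = str(customer_id)
    headers["Content-Type"] = "application/json"
    data = json.dumps(body).encode()  # body fields are not listed on this page
    return urllib.request.Request(url, data=data, headers=headers, method="POST")


def build_revoke_request(store_hash, client_id, access_token, jwt):
    """DELETE that revokes a token; the JWT itself goes in Sf-Api-Token."""
    url, headers = _url_and_auth(store_hash, client_id, access_token)
    # A compact JWT is three base64url segments joined by dots.
    if not re.fullmatch(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+){2}", jwt):
        raise ValueError("Sf-Api-Token expects a JWT, not a customer ID")
    headers["Sf-Api-Token"] = jwt
    return urllib.request.Request(url, headers=headers, method="DELETE")


def loggable_headers(request):
    """Copy of the request headers with credential values masked."""
    return {name: "<redacted>" if name.lower() in SECRET_HEADERS else value
            for name, value in request.header_items()}
```

Pass the returned object to `urllib.request.urlopen` from server-side code only, and log `loggable_headers(request)` rather than the raw headers.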