Authentication
NOTICE
As of September 30, 2025, the B2B Edition API authToken will be deprecated and replaced by the standard BigCommerce API X-Auth-Token. For information concerning this change, see B2B Authentication. While authToken authentication is not expected to be fully sunset in the near future, it is advised to migrate to the new system as soon as possible to prevent disruption of functionality.
Introduction
Authentication tokens validate API requests made by individuals or integrations to the server. All Server to Server API requests require an authToken in the header of the request.
Using authentication endpoints, you can:
- Create Server to Server API tokens outside of the B2B Edition control panel.
- View and delete existing API tokens.
- Arrange for your integration to log in a storefront user and gather tokens for future GraphQL requests in the context of a particular Company and user.
- Validate a storefront user’s credentials in order to generate a GQL token.
The Authentication API allows you to create V3 Server to Server and storefront authTokens, but you cannot create tokens for the deprecated V2 Server to Server API. You can create V2 tokens using the API Account settings in the B2B Edition control panel; however, it is not recommended to use V2 endpoints.