Authenticate BigCommerce and B2B Edition APIs with One API Account

Starting today, September 30, 2025, the B2B Edition scope is available in BigCommerce store-level API accounts. With this change, you can generate a single API token to authenticate requests to both BigCommerce APIs and B2B Edition APIs.

Why unify API authentication?

Previously, the B2B Edition v3 REST Management API required its own token from the B2B Edition dashboard. If your integration used both BigCommerce and B2B Edition APIs, you had to manage two separate accounts and tokens.

Now, you can add the B2B Edition scope to a BigCommerce API account and use one authentication model across both. This reduces the number of accounts you need to maintain and makes it easier to build integrations that span core commerce and B2B features. Huge win for efficiency! 

Creating a unified API account

To create a unified API account:

1. Go to Settings › Store-level API accounts in your BigCommerce control panel

2. Click Create API Account

3. Select the BigCommerce API scopes and permissions you need

4. Add the B2B Edition scope

The B2B Edition scope validates all v3 REST Management API requests. You will still need separate tokens for:

1. B2B Edition Storefront REST and GraphQL APIs

2. Legacy v2 REST Management APIs

Managing existing B2B API accounts

With unified authentication in place, the way you handle older B2B-only API accounts changes: The B2B Edition control panel still allows you to create B2B-only API accounts until December 31, 2025. After that date, you can still create B2B-only tokens via the API, but we strongly recommend creating unified tokens going forward.

A few important points to keep in mind:

• Existing accounts remain active until deleted by the store owner

• Once a v2 API account is deleted, it cannot be recreated

• To replace a v2 token, use the refresh button in the B2B API account list

Key technical details developers should know

For merchants who still rely on v2 accounts, the Control Panel now includes a refresh button. This allows you to extend token lifecycles without creating a new account.

Requests authenticated with unified tokens will require a store hash header. The working name is x-store-hash, but the final name may change. Plan to include this header in all requests.

The "Add API Account" role permission will remain in place for now. Once unified API accounts with the B2B scope are proven stable, the B2B API account creation UI will be removed from the Control Panel. This rollout will be gated by an experiment so it can be reversed if needed.

The B2B Edition scope will most likely be called modify, consistent with other scopes that validate all request methods (GET, POST, PUT, DELETE).

The "Add V3 IO" tool in the Support Portal will continue to support creating legacy B2B API accounts. It does not support unified accounts, and there are no plans to remove it.

Example requests: authentication before and after

The example requests below outline the key differences between the legacy B2B API request and the new unified API request with B2B scope, specifically highlighting:

• The unified API token is generated from a BigCommerce store-level API account with the B2B Edition scope

• The request must include the store hash header

• Endpoints remain the same for v3 B2B REST APIs

Legacy B2B API request

curl --request GET \\

  --url https://api-b2b.bigcommerce.com/stores/{store\_hash}/v3/b2b/customers \\

  --header "X-Auth-Token: {b2b\_token}"

Unified API request with B2B scope

curl --request GET \\

  --url https://api.bigcommerce.com/stores/{store_hash}/v3/b2b/customers \\

  --header "X-Auth-Token: {unified_api_token}" \\

  --header "x-store-hash: {store_hash}" 

What’s next?

The unified authentication model is now available, and you can begin using it in new or existing integrations. To make the transition as smooth as possible, here are the main actions to keep in mind:

• Use unified API accounts for any new integrations

• Always include the store hash header when authenticating with unified tokens

• If you rely on v2 accounts, use the refresh button to maintain tokens. Do not delete them unless you no longer need them, since they cannot be recreated

• Update documentation, automation scripts, and integration workflows ahead of time if you have further development plans for your store.

• Leverage the B2B Edition OAuth scope when building applications through our Developer Portal to build solutions that serve both B2C and B2B businesses.

• Regularly review your B2B Control Panel › API Accounts settings and remove unused accounts to minimize exposure.

Support and documentation

• B2B Edition Settings - To learn more about managing your B2B-only API accounts

• Updated DevDoc: B2B Edition Authentication

• Release Notes: Simplify and Innovate with Unified API Accounts

If you run into issues, open a support ticket through your BigCommerce control panel.