Brand Images
Brand Metafields
Category Metafields
Category Images
Product Bulk Pricing Rules
Product Complex Rules
Product Custom Fields
Product Images
Product Metafields
Product Modifiers
Product Modifier Values
Product Modifier Images
Product Options
Product Option Values
Product Reviews
Product Variants
Product Variants Metafields
Product Videos

Storefront Token

  • Version: 3.0
  • Host:{$$.env.store_hash}/v3
  • Protocols: https
  • Accepts: application/json
  • Responds With: application/json

An OpenAPI Document for Storefront API Token generation via Bigcommerce v3 API.

OAuth Scopes

UI Name Permission Parameter
Storefront API Customer Impersonation Tokens manage store_storefront_api_customer_impersonation
Storefront API Tokens manage store_storefront_api

For more information on OAuth Scopes, see: Authentication.


Requests can be authenticated by sending a client_id and access_token via X-Auth-Client and X-Auth-Token HTTP headers:

GET /stores/{$$.env.store_hash}/v3/catalog/summary
Accept: application/json
X-Auth-Client: {client_id}
X-Auth-Token: {access_token}
Header Parameter Description
X-Auth-Client client_id Obtained by creating an API account or installing an app in a BigCommerce control panel.
X-Auth-Token access_token Obtained by creating an API account or installing an app in a BigCommerce control panel.

For more information on Authenticating BigCommerce APIs, see: Authentication.

Available Endpoints

Resource / Endpoint Description
Storefront API Token Create Auth Tokens for use with Storefront APIs
Storefront Customer Impersonation Token Create a storefront API token for customer impersonation

Creating Customer Impersonation Tokens

Its possible to generate tokens for use in server-to-server interactions with a trusted consumer by POSTing to the API Token Customer Impersonation Endpoint with the X-Bc-Customer-Id header set to the customer’s ID:

POST /stores/{$$.env.store_hash}/v3/storefront/api-token-customer-impersonation
x-Auth-Client: {client_id}
x-Auth-Token: {access_token}
X-Bc-Customer-Id: {customer_id}

Revoking Tokens

To revoke tokens, send a DELETE request to the Revoke a Token endpoint and include the JWT in the Sf-Api-Token header:

DELETE /stores/{$$.env.store_hash}/v3/storefront/api-token-customer-impersonation
x-Auth-Client: {client_id}
x-Auth-Token: {access_token}
Sf-Api-Token: {customer_id}