GraphQL Storefront API tokens
Get and manage tokens used to authenticate cross-origin requests to the GraphQL Storefront API.
Add a token creation scope to the store-level or app-level API account you use to generate tokens.
Storefront tokens
This type of token is the most appropriate to use from a web browser when you're serving a static site that only supports anonymous shopping. If you're creating a token for backend implementation, you wish to support signing in customers, or you're developing a frontend app that proxies requests, such as a NextJS app, use a customer impersonation token.
Customer impersonation tokens
Customer impersonation token-authenticated requests receive store information from the perspective of the customer with the ID specified in the X-Bc-Customer-Id
header. The customer will automatically see the correct pricing, product availability, order history, and account details.
This special token is not necessary if you only wish to query information from an anonymous shopper's perspective.
Warning
Unless your frontend client proxies requests, attempts to authenticate from the brower using customer impersonation tokens will be rejected.
Additional information
Create a Token
POST https://api.bigcommerce.com/stores/{store_hash}/v3/storefront/api-tokenRequest
Creates a Storefront API token.
Required Scopes
Manage
Storefront API Tokens
Authentication
- X-Auth-Token in headerrequired
Parameters
- store_hash in path - string
Body
example
Response
Body
dataobject
example
Revoke a Token
DELETE https://api.bigcommerce.com/stores/{store_hash}/v3/storefront/api-tokenRequest
Revoke access for a Storefront API token. Only revoke compromised tokens under emergency situations. Let uncompromised short-lived tokens expire naturally, as you do not need to revoke these.
Authentication
- X-Auth-Token in headerrequired
Parameters
- store_hash in path - string
- Sf-Api-Token in header - stringrequired
An existing JWT token that you want to revoke.
example
Response
A storefront API token revocation has been scheduled.