The [MIME type](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types) of the response body.

Accept

The [MIME type](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types) of the request body.

Content-Type

The error title describing the particular error.


Unix timestamp (UTC time) defining when the token should expire. Supports seconds, but does not support milliseconds, microseconds, or nanoseconds.

List of allowed domains for Cross-Origin Request Sharing. Currently accepts a maximum of two domains per created token.

JWT Token for accessing the Storefront API

### OAuth scopes

| UI Name | Permission | Parameter |
|:--------|:-----------|:----------|
| Storefront API Customer Impersonation Tokens | manage | `store_storefront_api_customer_impersonation` |
| Storefront API Tokens | manage | `store_storefront_api` |

### Authentication header

| Header | Argument | Description |
|:-------|:---------|:------------|
| `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/docs/start/authentication/api-accounts). |

### Further reading

For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/docs/start/authentication#x-auth-token-header-example-requests).

For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/docs/start/authentication/api-accounts#oauth-scopes).

For a list of API status codes, see [API Status Codes](/docs/start/about/status-codes).

X-Auth-Token

BigCommerce

Get and manage tokens used to authenticate cross-origin requests to the [GraphQL Storefront API](/docs/storefront/graphql).

Add a [token creation scope](/docs/start/authentication/api-accounts#token-creation-scopes) to the [store-level or app-level API account](/docs/start/authentication/api-accounts) you use to generate tokens.

## Storefront tokens

This type of token is the most appropriate to use from a web browser when you're serving a static site that only supports anonymous shopping. If you're creating a token for backend implementation, you wish to support signing in customers, or you're developing a frontend app that proxies requests, such as a NextJS app, use a [customer impersonation token](#customer-impersonation-tokens). 

## Customer impersonation tokens

Customer impersonation token-authenticated requests receive store information from the perspective of the customer with the ID specified in the `X-Bc-Customer-Id` header. The customer will automatically see the correct pricing, product availability, order history, and account details.

This special token is not necessary if you only wish to query information from an anonymous shopper's perspective.

> #### Warning
> Unless your frontend client proxies requests, attempts to authenticate from the brower using customer impersonation tokens will be rejected.

## Additional information

* [GraphQL Storefront API overview](/docs/storefront/graphql)
* [Authenticating requests to the GraphQL Storefront API](/docs/start/authentication/graphql-storefront)

GraphQL Storefront API tokens

Revoke access for a Storefront API token. Only revoke compromised tokens under emergency situations. Let uncompromised short-lived tokens expire naturally, as you do not need to revoke these.

An existing JWT token that you want to revoke.

Sf-Api-Token

A storefront API token revocation has been scheduled.

Unauthorized - the v3 Auth client ID or token in the request are not a valid combination for this store.

Missing scope - the v3 Auth token is valid but does not have proper permissions to access this endpoint.

Invalid JWT Token provided or missing JWT token header

Creates a Storefront API token.

**Required Scopes**
* `Manage` `Storefront API Tokens`

Invalid JSON request body - missing or invalid data.

Returns a Storefront API token that allows your application to impersonate customers when making GraphQL `POST` requests. For more information on how to use the returned token, see [customer impersonation tokens](/docs/rest-authentication/tokens/customer-impersonation-token#create-a-token).

**Required Scopes**
* `Manage` `Storefront API Customer Impersonation Tokens`

Invalid JSON request body - missing or invalid data

Customer Impersonation Token

Create a Token