BigCommerce Docs

Creates a Storefront API token. This endpoint creates storefront tokens that support CORS via allowed_cors_origins and are intended for browser-based applications.

For server-to-server integrations, you must use the private token endpoint instead.

Required Scopes

Manage Storefront API Tokens

NOTE: While neither channel_id nor channel_ids is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Creates a Storefront API token. This endpoint creates storefront tokens that support CORS via `allowed_cors_origins` and are intended for browser-based applications. For server-to-server integrations, you must use the [private token endpoint](#operation/createPrivateToken) instead. **Required Scopes** * `Manage` `Storefront API Tokens` > NOTE: While neither `channel_id` nor `channel_ids` is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Authentication

X-Auth-Tokenstring

OAuth scopes

UI Name	Permission	Parameter
Storefront API Customer Impersonation Tokens	manage	`store_storefront_api_customer_impersonation`
Storefront API Tokens	manage	`store_storefront_api`

Authentication header

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

### OAuth scopes | UI Name | Permission | Parameter | |:--------|:-----------|:----------| | Storefront API Customer Impersonation Tokens | manage | `store_storefront_api_customer_impersonation` | | Storefront API Tokens | manage | `store_storefront_api` | ### Authentication header | Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts). | ### Further reading For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-fundamentals/api-accounts). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts#oauth-scopes).

Path parameters

store_hashstringRequired

Permanent ID of the BigCommerce store.

Request

This endpoint expects an object.

expires_atintegerRequired>=0

Unix timestamp (UTC time) defining when the token should expire. Supports seconds, but does not support milliseconds, microseconds, or nanoseconds.

allowed_cors_originslist of stringsOptional

List of allowed domains for Cross-Origin Request Sharing. Currently accepts a maximum of two domains per created token.

channel_idslist of integersOptional

A list of channel IDs that are valid for the requested token. Use this field for one or more channel IDs. One of channel_id or channel_ids is required; including neither returns an error, and including both results in unexpected behavior.

channel_idintegerOptional>=1

Channel ID that is valid for the requested token. Use this field to enter a single channel ID. We support this field for backwards compatibility, but channel_ids is preferred. One of channel_id or channel_ids is required; including neither returns an error, and including both results in unexpected behavior.

Response

dataobject

metaobject

Response metadata.

$	curl -X POST https://api.bigcommerce.com/stores/store_hash/v3/storefront/api-token \
>	-H "Accept: application/json" \
>	-H "X-Auth-Token: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d '{
>	"expires_at": 1885635176,
>	"allowed_cors_origins": [
>	"https://www.yourstorefront.com"
>	],
>	"channel_id": 1
>	}'

1	{
2	"data": {
3	"token": "string"
4	},
5	"meta": {}
6	}

Create a Token

Authentication

OAuth scopes

Authentication header

Further reading

Path parameters

Headers

Request

Response

OAuth scopes

Authentication header

Further reading