BigCommerce Docs

Returns a Storefront API token that allows your application to impersonate customers when making GraphQL POST requests. For more information on how to use the returned token, see customer impersonation tokens.

Required Scopes

Manage Storefront API Customer Impersonation Tokens

NOTE: While neither channel_id nor channel_ids is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Returns a Storefront API token that allows your application to impersonate customers when making GraphQL `POST` requests. For more information on how to use the returned token, see [customer impersonation tokens](/developer/docs/storefront/guides/graphql-storefront-api/authentication#customer-impersonation-tokens). **Required Scopes** * `Manage` `Storefront API Customer Impersonation Tokens` > NOTE: While neither `channel_id` nor `channel_ids` is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Authentication

X-Auth-Tokenstring

OAuth scopes

UI Name	Permission	Parameter
Storefront API Customer Impersonation Tokens	manage	`store_storefront_api_customer_impersonation`
Storefront API Tokens	manage	`store_storefront_api`

Authentication header

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

### OAuth scopes | UI Name | Permission | Parameter | |:--------|:-----------|:----------| | Storefront API Customer Impersonation Tokens | manage | `store_storefront_api_customer_impersonation` | | Storefront API Tokens | manage | `store_storefront_api` | ### Authentication header | Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts). | ### Further reading For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-fundamentals/api-accounts). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts#oauth-scopes).

Request

This endpoint expects an object.

expires_atintegerRequired>=0

Unix timestamp (UTC time) defining when the token should expire. Supports seconds, but does not support milliseconds, microseconds, or nanoseconds.

channel_idintegerOptional>=1

Channel ID that is valid for the requested token. Use this field to enter a single channel ID. We support this field for backwards compatibility, but channel_ids is preferred. One of channel_id or channel_ids is required; including neither returns an error, and including both results in unexpected behavior.

channel_idslist of integersOptional

A list of channel IDs that are valid for the requested token. Use this field for one or more channel IDs. One of channel_id or channel_ids is required; including neither returns an error, and including both results in unexpected behavior.

Response

dataobject

metaobject

Response metadata.

1	curl -X POST https://api.bigcommerce.com/stores/store_hash/v3/storefront/api-token-customer-impersonation \
2	-H "X-Auth-Token: <apiKey>" \
3	-H "Content-Type: application/json" \
4	-d '{
5	"expires_at": 1711929600,
6	"channel_ids": [
7	5,
8	12
9	]
10	}'

1	{
2	"data": {
3	"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjgwMDAwMDAwfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
4	},
5	"meta": {}
6	}