For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Dev Portal
DocsAPI ReferenceLearnCommunityChangelog
DocsAPI ReferenceLearnCommunityChangelog
    • About Our APIs
  • REST
    • Overview
      • Overview
          • Overview
            • POSTCreate a Token
            • DELRevoke a Token
              • POSTCreate a Token
      • Payments
  • GraphQL
    • Overview
  • MCP
    • Overview
Dev Portal
LogoLogo
RESTAdminAuthenticationStorefront API TokensCustomer Impersonation Token

Create a Token

POST
https://api.bigcommerce.com/stores/:store_hash/v3/storefront/api-token-customer-impersonation
POST
/stores/:store_hash/v3/storefront/api-token-customer-impersonation
$curl -X POST https://api.bigcommerce.com/stores/store_hash/v3/storefront/api-token-customer-impersonation \
>     -H "Accept: application/json" \
>     -H "X-Auth-Token: <apiKey>" \
>     -H "Content-Type: application/json" \
>     -d '{
>  "expires_at": 1711929600,
>  "channel_ids": [
>    101,
>    205
>  ]
>}'
200Multi Channel
1{
2  "data": {
3    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjgwMDAwMDAwfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
4  },
5  "meta": {}
6}
Returns a Storefront API token that allows your application to impersonate customers when making GraphQL `POST` requests. For more information on how to use the returned token, see [customer impersonation tokens](/developer/docs/storefront/guides/graphql-storefront-api/authentication#customer-impersonation-tokens). **Required Scopes** * `Manage` `Storefront API Customer Impersonation Tokens` > NOTE: While neither `channel_id` nor `channel_ids` is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.
Was this page helpful?
Previous

Revoke a Token

Next

Create a Private API Token

Built with

Returns a Storefront API token that allows your application to impersonate customers when making GraphQL POST requests. For more information on how to use the returned token, see customer impersonation tokens.

Required Scopes

  • Manage Storefront API Customer Impersonation Tokens

NOTE: While neither channel_id nor channel_ids is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Authentication

X-Auth-Tokenstring
### OAuth scopes | UI Name | Permission | Parameter | |:--------|:-----------|:----------| | Storefront API Customer Impersonation Tokens | manage | `store_storefront_api_customer_impersonation` | | Storefront API Tokens | manage | `store_storefront_api` | ### Authentication header | Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts). | ### Further reading For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-fundamentals/api-accounts). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts#oauth-scopes).

Path parameters

store_hashstringRequired
Permanent ID of the BigCommerce store.

Headers

AcceptstringRequiredDefaults to application/json

The MIME type of the response body.

Request

This endpoint expects an object.
expires_atintegerRequired>=0

Unix timestamp (UTC time) defining when the token should expire. Supports seconds, but does not support milliseconds, microseconds, or nanoseconds.

channel_idintegerOptional>=1

Channel ID that is valid for the requested token. Use this field to enter a single channel ID. We support this field for backwards compatibility, but channel_ids is preferred. One of channel_id or channel_ids is required; including neither returns an error, and including both results in unexpected behavior.

channel_idslist of integersOptional

A list of channel IDs that are valid for the requested token. Use this field for one or more channel IDs. One of channel_id or channel_ids is required; including neither returns an error, and including both results in unexpected behavior.

Response

dataobject
metaobject
Response metadata.

OAuth scopes

UI NamePermissionParameter
Storefront API Customer Impersonation Tokensmanagestore_storefront_api_customer_impersonation
Storefront API Tokensmanagestore_storefront_api

Authentication header

HeaderArgumentDescription
X-Auth-Tokenaccess_tokenFor more about API accounts that generate access_tokens, see our Guide to API Accounts.

Further reading

For example requests and more information about authenticating BigCommerce APIs, see Authentication and Example Requests.

For more about BigCommerce OAuth scopes, see our Guide to API Accounts.