BigCommerce Docs

Required Scopes

Manage Storefront API Tokens

NOTE: While neither channel_id nor channel_ids is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Creates a private token for server-to-server integrations. Private tokens are always stateless (no session required) and provide better performance for server-to-server use cases. The API will reject private token-authenticated requests that originate from web browsers. **Required Scopes** * `Manage` `Storefront API Tokens` > NOTE: While neither `channel_id` nor `channel_ids` is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Authentication

X-Auth-Tokenstring

OAuth scopes

UI Name	Permission	Parameter
Storefront API Customer Impersonation Tokens	manage	`store_storefront_api_customer_impersonation`
Storefront API Tokens	manage	`store_storefront_api`

Authentication header

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

### OAuth scopes | UI Name | Permission | Parameter | |:--------|:-----------|:----------| | Storefront API Customer Impersonation Tokens | manage | `store_storefront_api_customer_impersonation` | | Storefront API Tokens | manage | `store_storefront_api` | ### Authentication header | Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts). | ### Further reading For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-fundamentals/api-accounts). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts#oauth-scopes).

Path parameters

store_hashstringRequired

Permanent ID of the BigCommerce store.

Request

This endpoint expects an object.

expires_atintegerRequired>=0

Unix timestamp (UTC time) defining when the token should expire. Supports seconds, but does not support milliseconds, microseconds, or nanoseconds.

scopeslist of enumsRequired

Access scope identifiers. Required for private tokens. Include all scopes required by the GraphQL fields you need.

channel_idslist of integersOptional

A list of channel IDs that are valid for the requested token. Use this field for one or more channel IDs. One of channel_id or channel_ids is required; including neither returns an error, and including both results in unexpected behavior.

channel_idintegerOptional>=1

Channel ID that is valid for the requested token. Use this field to enter a single channel ID. We support this field for backwards compatibility, but channel_ids is preferred. One of channel_id or channel_ids is required; including neither returns an error, and including both results in unexpected behavior.

Response

dataobject

metaobject

Response metadata.

$	curl -X POST https://api.bigcommerce.com/stores/store_hash/v3/storefront/api-token-private \
>	-H "Accept: application/json" \
>	-H "X-Auth-Token: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d '{
>	"expires_at": 1885635176,
>	"scopes": [
>	"Unauthenticated",
>	"Customer"
>	],
>	"channel_id": 1
>	}'

1	{
2	"data": {
3	"token": "string"
4	},
5	"meta": {}
6	}

Create a Private API Token

Authentication

OAuth scopes

Authentication header

Further reading

Path parameters

Headers

Request

Response

OAuth scopes

Authentication header

Further reading