For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Dev Portal
DocsAPI ReferenceLearnCommunityChangelog
DocsAPI ReferenceLearnCommunityChangelog
    • About Our APIs
  • REST
    • Overview
      • Overview
          • Overview
            • POSTCreate a Token
            • DELRevoke a Token
      • Payments
  • GraphQL
    • Overview
  • MCP
    • Overview
Dev Portal
LogoLogo
RESTAdminAuthenticationStorefront API Tokens

Revoke a Token

DELETE
https://api.bigcommerce.com/stores/:store_hash/v3/storefront/api-token
DELETE
/stores/:store_hash/v3/storefront/api-token
$curl -X DELETE https://api.bigcommerce.com/stores/store_hash/v3/storefront/api-token \
>     -H "Accept: application/json" \
>     -H "Sf-Api-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdG9yZWZyb250X3Rva2VuIiwiaWF0IjoxNjg4MDAwMDAwLCJleHAiOjE2ODgwMDM2MDB9.4f3b2a1c9d8e7f6a5b0c3d2e1f9a8b7c6d5e4f3a" \
>     -H "X-Auth-Token: <apiKey>" \
>     -H "Content-Type: application/json" \
>     -d '{}'
200Deleted
1{}

Revoke access for a storefront API token or a private API token. Only revoke compromised tokens under emergency situations. Let uncompromised short-lived tokens expire naturally, as you do not need to revoke these.

Was this page helpful?
Previous

Create a Token

Next

Create a Token

Built with

Authentication

X-Auth-Tokenstring

OAuth scopes

UI NamePermissionParameter
Storefront API Customer Impersonation Tokensmanagestore_storefront_api_customer_impersonation
Storefront API Tokensmanagestore_storefront_api

Authentication header

HeaderArgumentDescription
X-Auth-Tokenaccess_tokenFor more about API accounts that generate access_tokens, see our Guide to API Accounts.

Further reading

For example requests and more information about authenticating BigCommerce APIs, see Authentication and Example Requests.

For more about BigCommerce OAuth scopes, see our Guide to API Accounts.

Path parameters

store_hashstringRequired
Permanent ID of the BigCommerce store.

Headers

AcceptstringRequiredDefaults to application/json

The MIME type of the response body.

Sf-Api-TokenstringRequired
An existing JWT token that you want to revoke.

Response

A storefront API token or private API token revocation has been scheduled.