Authentication
Authentication tokens validate API requests made by individuals or integrations to the server. All Server to Server API requests require an API token in the header of the request. When using the X-Auth-Token header with B2B Edition Server to Server API requests, the X-Store-Hash header is also required.
See B2B Authentication for information on how to generate BigCommerce API tokens with appropriate scopes to use the B2B Edition Server to Server API.
Using authentication endpoints, you can:
- Arrange for your integration to log in a storefront user and gather tokens for future GraphQL requests in the context of a particular Company and user.
- Validate a storefront user’s credentials to generate a GraphQL (GQL) token.
The Authentication API can create only storefront authTokens and deprecated V3 Server to Server authTokens; it cannot create tokens for the deprecated V2 Server to Server API. You can create V2 tokens in the API Account settings in the B2B Edition control panel; however, using V2 endpoints is not recommended.