Get Server to Server Token

Deprecated

POST

https://api-b2b.bigcommerce.com/api/io/auth/backend

Creates a Server to Server API account with a token to validate future requests made to B2B’s Server to Server APIs. This endpoint does not require an existing API Account, but you must validate the request with the login credentials of your backend B2B Edition user account. Only users with the pre-built Administrator or Store Owner role are allowed to create API tokens with this endpoint; custom user roles with API account permissions are **not** supported. > NOTE > > This endpoint generates `authToken` API Accounts, which are considered deprecated as of September 30, 2025. It is recommended to use the BigCommerce API `X-Auth-Token` created in the control panel moving forward.

Get Server to Server Token

Deprecated

POST

https://api-b2b.bigcommerce.com/api/io/auth/backend

Creates a Server to Server API account with a token to validate future requests made to B2B’s Server to Server APIs.

This endpoint does not require an existing API Account, but you must validate the request with the login credentials of your backend B2B Edition user account. Only users with the pre-built Administrator or Store Owner role are allowed to create API tokens with this endpoint; custom user roles with API account permissions are not supported.

NOTE

This endpoint generates authToken API Accounts, which are considered deprecated as of September 30, 2025. It is recommended to use the BigCommerce API X-Auth-Token created in the control panel moving forward.

Authentication

X-Auth-Tokenstring

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

For example requests and more information about authenticating BigCommerce APIs, see Authentication and Example Requests.

For more about BigCommerce OAuth scopes, see our Guide to API Accounts.

For a list of API status codes, see API Status Codes.

X-Store-Hashstring

| Header | Argument | Description | |:-------|:---------|:------------| | `X-Store-Hash` | `store_hash` | The unique store hash associated with a BigCommerce store that has B2B Edition enabled. |

Request

This endpoint expects an object.

storeHashstringRequired>=1 character

The unique store hash for the BigCommerce store.

emailstringRequiredformat: "email">=1 character

The email address associated with the user's account.

passwordstringRequiredformat: "password">=1 character

The password associated with the user's account.

namestringRequired

The internal name assigned to the generated API token.

Response

codeintegerDefaults to 200

The HTTP Status code of the response.

datalist of objects

metaobject

Errors

400

Bad Request Error

$	curl -X POST https://api-b2b.bigcommerce.com/api/io/auth/backend \
>	-H "X-Auth-Token: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d '{
>	"storeHash": "1234abcd",
>	"email": "user@example.com",
>	"password": "MyPassword123",
>	"name": "customer storefront token"
>	}'

1	{
2	"code": 200,
3	"data": [
4	{
5	"name": "customer storefront token",
6	"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InRlc3RfYjJjX29yZGVyX2ltcG9ydEBxcS5jb21tIiwic3RvcmVfaGFzaCI6ImYyb3N4ampueGoiLCJkYiI6ImRlZmF1bHQifQ.L_u_enljWoYBbPPskmYEQVHldHIaTcWMIB-SdFah850"
7	}
8	],
9	"meta": {
10	"message": "SUCCESS"
11	}
12	}

$	curl -X POST https://api-b2b.bigcommerce.com/api/io/auth/backend \
>	-H "X-Auth-Token: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d '{
>	"storeHash": "1234abcd",
>	"email": "user@example.com",
>	"password": "MyPassword123",
>	"name": "customer storefront token"
>	}'

1	{
2	"code": 200,
3	"data": [
4	{
5	"name": "customer storefront token",
6	"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InRlc3RfYjJjX29yZGVyX2ltcG9ydEBxcS5jb21tIiwic3RvcmVfaGFzaCI6ImYyb3N4ampueGoiLCJkYiI6ImRlZmF1bHQifQ.L_u_enljWoYBbPPskmYEQVHldHIaTcWMIB-SdFah850"
7	}
8	],
9	"meta": {
10	"message": "SUCCESS"
11	}
12	}