For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Dev Portal
DocsAPI ReferenceLearnCommunityChangelog
DocsAPI ReferenceLearnCommunityChangelog
    • About Our APIs
  • REST
    • Overview
      • Overview
      • Storefront
      • Management
        • Overview
          • Addresses
          • Authentication
            • POSTGet Storefront authToken with Credentials
            • POSTGet B2B Storefront Token
            • GETGet Storefront API authToken
            • POSTGet Server to Server Token
            • DELDelete Backend API Tokens
            • GETList Server to Server Tokens
          • Channels
          • Company
          • Invoice Management
          • Orders
          • Payment
          • Quotes
          • Sales Staff
          • Shopping List
          • Super Admin
          • Users
  • GraphQL
    • Overview
  • MCP
    • Overview
Dev Portal
LogoLogo
RESTB2BManagementAuthentication

Get Storefront authToken with Credentials

POST
https://api-b2b.bigcommerce.com/api/io/auth/customers
POST
/api/io/auth/customers
$curl -X POST https://api-b2b.bigcommerce.com/api/io/auth/customers \
>     -H "X-Auth-Token: <apiKey>" \
>     -H "Content-Type: application/json" \
>     -d '{
>  "storeHash": "1234abcd",
>  "email": "user@example.com",
>  "password": "MyPassword123",
>  "channelId": 1000234,
>  "name": "customer storefront token"
>}'
200Successful
1{
2  "code": 200,
3  "data": {
4    "name": "customer storefront token",
5    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InRlc3RfYjJjX29yZGVyX2ltcG9ydEBxcS5jb21tIiwic3RvcmVfaGFzaCI6ImYyb3N4ampueGoiLCJkYiI6ImRlZmF1bHQifQ.L_u_enljWoYBbPPskmYEQVHldHIaTcWMIB-SdFah850"
6  },
7  "meta": {
8    "message": "SUCCESS"
9  }
10}
Uses the login credentials of a storefront customer or a Company user to generate a storefront authToken to validate requests to the B2B Storefront GraphQL API. Unlike the Get a Storefront API authToken endpoint, this request does not rely on a JWT from an active storefront session. By default, the resulting storefront authToken is valid for **1 day**. However, you can adjust its validity period with the `beginAt` and `endAt` fields in the request body.
Was this page helpful?
Previous

Authentication

Next

Get B2B Storefront Token

Built with

Uses the login credentials of a storefront customer or a Company user to generate a storefront authToken to validate requests to the B2B Storefront GraphQL API. Unlike the Get a Storefront API authToken endpoint, this request does not rely on a JWT from an active storefront session.

By default, the resulting storefront authToken is valid for 1 day. However, you can adjust its validity period with the beginAt and endAt fields in the request body.

Authentication

X-Auth-Tokenstring
| Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts). | For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-fundamentals/api-accounts#x-auth-token-header-example-requests). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts#oauth-scopes). For a list of API status codes, see [API Status Codes](/developer/api-reference/rest/overview#rest-http-status-codes).
X-Store-Hashstring
| Header | Argument | Description | |:-------|:---------|:------------| | `X-Store-Hash` | `store_hash` | The unique store hash associated with a BigCommerce store that has B2B Edition enabled. |

Request

This endpoint expects an object.
storeHashstringRequired>=1 character
The unique store hash for the BigCommerce store.
emailstringRequiredformat: "email">=1 character
The email address associated with the user's account.
passwordstringRequiredformat: "password">=1 character
The password associated with the user's account.
channelIdintegerRequired
The storefront channel ID where the order was placed.
namestringRequired
The internal name assigned to the generated API token.
beginAtintegerOptional
The [Unix timestamp](https://www.unixtimestamp.com/) indicating when the storefront authToken starts being valid.
endAtintegerOptional
The [Unix timestamp](https://www.unixtimestamp.com/) indicating when the storefront authToken is no longer valid.

Response

OK
codeintegerDefaults to 200
The HTTP Status code of the response.
dataobject
metaobject
HeaderArgumentDescription
X-Auth-Tokenaccess_tokenFor more about API accounts that generate access_tokens, see our Guide to API Accounts.

For example requests and more information about authenticating BigCommerce APIs, see Authentication and Example Requests.

For more about BigCommerce OAuth scopes, see our Guide to API Accounts.

For a list of API status codes, see API Status Codes.

HeaderArgumentDescription
X-Store-Hashstore_hashThe unique store hash associated with a BigCommerce store that has B2B Edition enabled.

The Unix timestamp indicating when the storefront authToken starts being valid.

The Unix timestamp indicating when the storefront authToken is no longer valid.