
Get Storefront authToken for Specific Customer

`POST https://api-b2b.bigcommerce.com/api/io/auth/customers`

```bash
curl -X POST https://api-b2b.bigcommerce.com/api/io/auth/customers \
  -H "Content-Type: application/json" \
  -d '{
    "storeHash": "1234abcd",
    "channelId": 1000234,
    "name": "customer storefront token",
    "email": "user@example.com",
    "password": "MyPassword123"
  }'
```

```json
{
  "code": 200,
  "data": {
    "name": "customer storefront token"
  },
  "meta": {
    "message": "SUCCESS"
  }
}
```

Validates a Company user’s login credentials to create a storefront authToken that can be queried for future GraphQL requests.

Equivalent Storefront GraphQL API Mutation: `login`

The GraphQL API mutation also allows you to return a `storefrontLoginToken`. This retrieves a JWT, which can be passed to the BigCommerce [Customer Login endpoint](/developer/docs/storefront/guides/customer-authentication/customer-login) in order to log a customer in with a Stencil storefront session.

The `login` response also includes information related to the Company user, such as their name and their account’s internal identifiers.

**Note:** the resulting storefront authToken is tied to the Company user, and their assigned user role determines whether or not further requests are authorized. For example, if you generate an authToken for a user who does not have the `create_address` permission enabled, using the token to validate the GraphQL API `addressCreate` mutation will result in an error.

For a complete list of Company user permissions and their scopes, see [Company Roles and Permissions](/developer/api-reference/rest/b2b/management/company/company-roles-and-permissions).

### Example GraphQL API Body

**With Storefront authToken only**

```graphql
mutation {
  login(
    loginData: {
      storeHash: "1234abcd",
      email: "axe@snapmail.cc",
      password: "MyPassword123"
    }
  ) {
    result {
      token
      user {
        id
        bcId
        firstName
        lastName
        email
      }
    }
  }
}
```

**With Storefront authToken and storefrontLoginToken**

```graphql
mutation {
  login(
    loginData: {
      storeHash: "1234abcd",
      email: "axe@snapmail.cc",
      password: "MyPassword123"
    }
  ) {
    result {
      token
      storefrontLoginToken
      user {
        id
        bcId
        firstName
        lastName
        email
      }
    }
  }
}
```

### Example GraphQL API Responses

**With Storefront authToken only**

```json
{
  "data": {
    "login": {
      "result": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InRlc3RfYjJjX29yZGVyX2ltcG9ydEBxcS5jb21tIiwic3RvcmVfaGFzaCI6ImYyb3N4ampueGoiLCJkYiI6ImRlZmF1bHQifQ",
        "user": {
          "id": "8889911",
          "bcId": 28,
          "firstName": "B2B",
          "lastName": "User",
          "email": "user@example.com"
        }
      }
    }
  }
}
```

**With Storefront authToken and storefrontLoginToken**

```json
{
  "data": {
    "login": {
      "result": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InRlc3RfYjJjX29yZGVyX2ltcG9ydEBxcS5jb21tIiwic3RvcmVfaGFzaCI6ImYyb3N4ampueGoiLCJkYiI6ImRlZmF1bHQifQ",
        "storefrontLoginToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6ImtpZG8yNzZAc25hcG1haWwuY2MiLCJzdG9yZV9oYXNoIjoiMWk2enB4cGUzZyIsImRiIjoiZGVmYXVsdCIsIm5hbWUiOiJ0ZXN0OSIsImNoYW5uZWxfaWRzIjpbMV0sInRva2VuX3R5cGUiOjMsIm5iZiI6MTAwMCwiZXhwIjoyMDAxfQ.EiR__LVAlBVNYtFCZPWJYoPv6UfGiXtULxhK-BCQZjY",
        "user": {
          "id": "8889911",
          "bcId": 28,
          "firstName": "B2B",
          "lastName": "User",
          "email": "user@example.com"
        }
      }
    }
  }
}
```

### Request

This endpoint expects an object.

- `storeHash` (string, required): The unique store hash for the BigCommerce store.
- `channelId` (double, required, defaults to 1): The storefront channel ID associated with the storefront login session. Use 1 for your store’s default storefront channel.
- `name` (string, required, >=1 character)
- `email` (string, required, format: "email", >=1 character): The email address associated with the user's account.
- `password` (string, required, format: "password", >=1 character): The password associated with the user's account.
- `beginAt` (integer, optional): The Unix timestamp indicating when the storefront authToken starts being valid.
- `endAt` (integer, optional): The Unix timestamp indicating when the storefront authToken is no longer valid.
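
An added example, not part of the BigCommerce reference: it builds the request body with an explicit `beginAt`/`endAt` window so the issued token is short-lived, masks the password before the body is logged, and classifies a JWT by its validity window. The helper names, the 900-second lifetime in the usage note, and the presence of `nbf`/`exp` claims in the token (standard RFC 7519 claim names) are assumptions made for illustration.

```python
import base64
import json
import time

REQUIRED = ("storeHash", "channelId", "name", "email", "password")

def build_auth_request(store_hash, channel_id, name, email, password,
                       ttl_seconds, now=None):
    """Body for POST /api/io/auth/customers with an explicit validity window."""
    if ttl_seconds <= 0:
        raise ValueError("ttl_seconds must be positive")
    now = int(time.time()) if now is None else int(now)
    body = {"storeHash": store_hash, "channelId": channel_id, "name": name,
            "email": email, "password": password,
            "beginAt": now, "endAt": now + ttl_seconds}
    missing = [k for k in REQUIRED if body[k] in ("", None)]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    return body

def redact(body):
    """Copy of the body that is safe to log; the password is masked."""
    return {k: ("***" if k == "password" else v) for k, v in body.items()}

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) < 2:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_status(claims, now):
    """Classify a token by nbf/exp (claim names assumed, per RFC 7519)."""
    if "exp" not in claims:
        return "no-expiry"  # flag for review: nothing bounds this token's life
    if now >= claims["exp"]:
        return "expired"
    if now < claims.get("nbf", 0):
        return "not-yet-valid"
    return "valid"

def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed, unsigned sample token (header.payload); not a real credential.
SAMPLE = _b64url({"typ": "JWT", "alg": "HS256"}) + "." + _b64url(
    {"email": "user@example.com", "nbf": 1700000000, "exp": 1700000900})
```

Call `build_auth_request(..., ttl_seconds=900)` to get the JSON body for the request above, and log only `redact(body)`.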

### Response

OK

- `code` (double, defaults to 200)
- `data` (object)
- `meta` (object)

### Errors

- 400: Bad Request Error