BigCommerce has five different APIs that let you manage store data, log in customers, make client-side queries for product information, and more. Each requires a different method for authentication.


Requests to BigCommerce’s V2 and V3 REST APIs require both an OAuth Client ID and Access Token be passed in the header. See Obtaining Store API Credentials for instructions on generating these credentials.

Storefront API

The Storefront API is unauthenticated, allowing you to make client-side requests for carts, checkouts and orders using Javascript.

GraphQL Storefront API

There are two ways to authenticate with the GraphQL API:

  1. Via a Storefront API token passed in your request’s header
  2. Passing a Simple Token from within a Stencil theme in your request’s header

For more details, see GraphQL API Authentication.

Customer Login API

The Customer Login API requires authentication via a JWT token and your app’s OAuth Client ID.

For details, see Customer Login API.

Current Customer API

Your application’s Client ID must be included in the request to the Current Customer API to receive a response. For details, see Current Customer API.