Create a Token | BigCommerce Developer Center

Creates a Storefront API token. This endpoint creates storefront tokens that support CORS via allowed_cors_origins and are intended for browser-based applications.

For server-to-server integrations, you must use the private token endpoint instead.

Required Scopes

Manage Storefront API Tokens

NOTE: While neither channel_id nor channel_ids is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Creates a Storefront API token. This endpoint creates storefront tokens that support CORS via `allowed_cors_origins` and are intended for browser-based applications. For server-to-server integrations, you must use the [private token endpoint](#operation/createPrivateToken) instead. **Required Scopes** * `Manage` `Storefront API Tokens` > NOTE: While neither `channel_id` nor `channel_ids` is labelled as required, one must be included in the request body. Including neither will throw an error, and including both will result in unexpected behaviors.

Authentication

X-Auth-Tokenstring

OAuth scopes

UI Name	Permission	Parameter
Storefront API Customer Impersonation Tokens	manage	`store_storefront_api_customer_impersonation`
Storefront API Tokens	manage	`store_storefront_api`

Authentication header

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

### OAuth scopes | UI Name | Permission | Parameter | |:--------|:-----------|:----------| | Storefront API Customer Impersonation Tokens | manage | `store_storefront_api_customer_impersonation` | | Storefront API Tokens | manage | `store_storefront_api` | ### Authentication header | Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts). | ### Further reading For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-fundamentals/api-accounts). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts#oauth-scopes).

Request

This endpoint expects an object.

expires_atintegerRequired>=0

Unix timestamp (UTC time) defining when the token should expire. Supports seconds, but does not support milliseconds, microseconds, or nanoseconds.

allowed_cors_originslist of stringsOptional

List of allowed domains for Cross-Origin Request Sharing. Currently accepts a maximum of two domains per created token.

channel_idintegerOptional>=1

Channel ID that is valid for the requested token. Use this field to enter a channel ID. Do not use this field if you have more than one channel. We support this field for backwards compatibility, but channel_ids is preferred. You can not use both channel_id and channel_ids in your request.

channel_idslist of integersOptional

A list of channel IDs that are valid for the requested token. Use this field if you have more than one channel ID. You can not use both channel_id and channel_ids in your request.

Response

dataobject

metaobject

Response metadata.

1	using RestSharp;
2
3	var client = new RestClient("https://api.bigcommerce.com/stores/store_hash/v3/storefront/api-token");
4	var request = new RestRequest(Method.POST);
5	request.AddHeader("X-Auth-Token", "<apiKey>");
6	request.AddHeader("Content-Type", "application/json");
7	request.AddParameter("application/json", "{\n \"expires_at\": 1885635176,\n \"allowed_cors_origins\": [\n \"https://www.yourstorefront.com\"\n ],\n \"channel_ids\": [\n 1,\n 12\n ]\n}", ParameterType.RequestBody);
8	IRestResponse response = client.Execute(request);

1	{
2	"data": {
3	"token": "string"
4	},
5	"meta": {}
6	}