Update Script | BigCommerce Developer Center

Updates a Script.

Authentication

X-Auth-Tokenstring

OAuth scopes

UI Name	Permission	Parameter
Checkout Content	modify	`store_content_checkout`
Checkout Content	read-only	`store_content_checkout_read_only`
Content	modify	`store_v2_content`
Content	read-only	`store_v2_content_read_only`

To read or modify scripts on checkout pages, add Checkout Content scopes.

Authentication header

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

### OAuth scopes | UI Name | Permission | Parameter | |:--------|:-----------|:----------| | Checkout Content | modify | `store_content_checkout` | | Checkout Content | read-only | `store_content_checkout_read_only` | | Content | modify | `store_v2_content` | | Content | read-only | `store_v2_content_read_only` | To read or modify scripts on checkout pages, add `Checkout Content` scopes. ### Authentication header | Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-accounts#api-accounts). | ### Further reading For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-accounts#x-auth-token-header-example-requests). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-accounts#oauth-scopes). For a list of API status codes, see [API Status Codes](/developer/api-reference/rest/overview#rest-http-status-codes).

Path parameters

uuidstringRequired

Request

This endpoint expects an object.

api_client_idstringOptional

The client id of the API user that created this script, or blank if created by other means.

auto_uninstallbooleanOptional

It will enable automatic cleanup of the script when the single click app is uninstalled or OAuth token is revoked.

channel_idintegerOptional>=1

consent_categoryenumOptional

Consent category for GDPR and CCPA compliance. Defaults to unknown when not specified. Scripts with an unknown consent category do not display on stores with customer cookie consent banners enabled.

Allowed values:

descriptionstringOptional

The user-friendly description.

enabledbooleanOptional

Whether the script is enabled or disabled on the storefront.

htmlstringOptional0-65536 characters

An HTML string containing exactly one script tag. Present when the script kind is script_tag.

integrity_hasheslist of stringsOptional

Array of Subresource integrity (SRI) hashes for external SRC scripts that lets browsers validate the contents of the script.

The hash is the integrity attribute on the script tag. You can add up to five hashes for a script and generate them using any SRI standard-supported algorithm, including SHA-256, SHA-384, and SHA-512. If you provide more than one hash, they will all be added to the integrity attribute in order, separated by whitespace.

Array of [Subresource integrity (SRI) hashes](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) for external SRC scripts that lets browsers validate the contents of the script. The hash is the `integrity` attribute on the `script` tag. You can add up to five hashes for a script and generate them using any SRI standard-supported algorithm, including SHA-256, SHA-384, and SHA-512. If you provide more than one hash, they will all be added to the `integrity` attribute in order, separated by whitespace.

kindenumOptional

What type of script this is.

src - For scripts that use the src URL. A script tag will be generated with its src attribute set to the value of the src property. When your app provides a path to the script, we can optimize and add the script automatically for you. The load_method can vary.

script_tag - For scripts that include a raw HTML script tag-enclosed block of JavaScript. The value of html is added directly to the page. The load_method must be default.

What type of script this is. `src` - For scripts that use the src URL. A `script` tag will be generated with its `src` attribute set to the value of the `src` property. When your app provides a path to the script, we can optimize and add the script automatically for you. The load_method can vary. `script_tag` - For scripts that include a raw HTML `script` tag-enclosed block of JavaScript. The value of `html` is added directly to the page. The load_method must be default.

Allowed values:

load_methodenumOptional

The load method to use for the script. Values are default, async, or defer. It determines how the script should be loaded into the page.

Allowed values:

locationenumOptional

Where on the page to place the script. Values are head or footer.

Allowed values:

namestringOptional1-255 characters

The user-friendly name.

srcstringOptional

The src attribute of the script to load. Only present if kind is src.

visibilityenumOptional

Which set of pages the script should load on.

Please note that you need to have Checkout content scope to use all_pages and checkout.

The current visibility options are storefront, checkout, all_pages and order_confirmation.

storefront: All pages that are not checkout or order_confirmation.

For a list of all locations visit Scripts Visibility.

Which set of pages the script should load on. Please note that you need to have `Checkout content` scope to use `all_pages` and `checkout`. - The current visibility options are `storefront`, `checkout`, `all_pages` and `order_confirmation`. `storefront`: All pages that are not `checkout` or `order_confirmation`. For a list of all locations visit [Scripts Visibility](/developer/docs/integrations/scripts#script-visibility-locations).

Allowed values:

Response

dataobject

metaobject

Response metadata.

Errors

404

Not Found Error

422

Unprocessable Entity Error

OAuth scopes

UI Name	Permission	Parameter
Checkout Content	modify	`store_content_checkout`
Checkout Content	read-only	`store_content_checkout_read_only`
Content	modify	`store_v2_content`
Content	read-only	`store_v2_content_read_only`

To read or modify scripts on checkout pages, add Checkout Content scopes.

Authentication header

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

1	using RestSharp;
2
3	var client = new RestClient("https://api.bigcommerce.com/stores/store_hash/v3/content/scripts/uuid");
4	var request = new RestRequest(Method.PUT);
5	request.AddHeader("X-Auth-Token", "<apiKey>");
6	request.AddHeader("Content-Type", "application/json");
7	request.AddParameter("application/json", "{}", ParameterType.RequestBody);
8	IRestResponse response = client.Execute(request);

1	{
2	"data": {
3	"api_client_id": "string",
4	"auto_uninstall": true,
5	"channel_id": 1,
6	"consent_category": "essential",
7	"date_created": "2024-01-15T09:30:00Z",
8	"date_modified": "2024-01-15T09:30:00Z",
9	"description": "string",
10	"enabled": true,
11	"html": "string",
12	"integrity_hashes": [
13	"sha384-DgtwqxoPLKnJSER+TUmSPIpE6ZbVb2ZZwR241HHiqJipLiZQPN/JkKX5xxrEHUTt",
14	"sha384-UiwrqEuzfCtJKLI+dXmPNOpE6ZvBh2IIqT371rJiqJxyKjZ6PP/JmSD5hdsEUPOl"
15	],
16	"kind": "src",
17	"load_method": "default",
18	"location": "head",
19	"name": "string",
20	"src": "https://code.jquery.com/jquery-3.2.1.min.js",
21	"uuid": "string",
22	"visibility": "storefront"
23	},
24	"meta": {}
25	}