Get Server to Server Token | BigCommerce Developer Center

Creates a Server to Server API account with a token to validate future requests made to B2B’s Server to Server APIs.

This endpoint does not require an existing API Account, but you must validate the request with the login credentials of your backend B2B Edition user account. Only users with the pre-built Administrator or Store Owner role are allowed to create API tokens with this endpoint; custom user roles with API account permissions are not supported.

NOTE

This endpoint generates authToken API Accounts, which are considered deprecated as of September 30, 2025. It is recommended to use the BigCommerce API X-Auth-Token created in the control panel moving forward.

Creates a Server to Server API account with a token to validate future requests made to B2B’s Server to Server APIs. This endpoint does not require an existing API Account, but you must validate the request with the login credentials of your backend B2B Edition user account. Only users with the pre-built Administrator or Store Owner role are allowed to create API tokens with this endpoint; custom user roles with API account permissions are **not** supported. > NOTE > > This endpoint generates `authToken` API Accounts, which are considered deprecated as of September 30, 2025. It is recommended to use the BigCommerce API `X-Auth-Token` created in the control panel moving forward.

Authentication

X-Auth-Tokenstring

Authentication header

Header	Argument	Description
`X-Auth-Token`	`access_token`	For more about API accounts that generate `access_token`s, see our Guide to API Accounts.

### Authentication header | Header | Argument | Description | |:-------|:---------|:------------| | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts). | ### Further reading For example requests and more information about authenticating BigCommerce APIs, see [Authentication and Example Requests](/developer/docs/overview/api-fundamentals/api-accounts#x-auth-token-header-example-requests). For more about BigCommerce OAuth scopes, see our [Guide to API Accounts](/developer/docs/overview/api-fundamentals/api-accounts#oauth-scopes). For a list of API status codes, see [API Status Codes](/developer/api-reference/rest/overview#rest-http-status-codes).

Request

This endpoint expects an object.

storeHashstringRequired>=1 character

The unique store hash for the BigCommerce store.

emailstringRequiredformat: "email">=1 character

The email address associated with the user's account.

passwordstringRequiredformat: "password">=1 character

The password associated with the user's account.

namestringRequired

The internal name assigned to the generated API token.

Response

codeintegerDefaults to 200

The HTTP Status code of the response.

datalist of objects

metaobject

Errors

400

Bad Request Error

1	import requests
2
3	url = "https://api-b2b.bigcommerce.com/api/io/auth/backend"
4
5	payload = {
6	"storeHash": "1234abcd",
7	"email": "user@example.com",
8	"password": "MyPassword123",
9	"name": "customer storefront token"
10	}
11	headers = {
12	"X-Auth-Token": "<apiKey>",
13	"Content-Type": "application/json"
14	}
15
16	response = requests.post(url, json=payload, headers=headers)
17
18	print(response.json())