Browse by Topic

Store API Accounts

Some apps and integrations require special permissions to communicate with or make changes to your store. These permissions are provided in the form of API accounts (also referred to as OAuth tokens or keys) that can be created directly from your control panel.

Most apps available in the App Marketplace are Single-Click apps, which don’t require the added steps of creating a dedicated API account, then supplying those credentials to a third party.


Creating an API Account

To create API accounts, you must be logged in as the store owner. Go to Advanced SettingsAPI Accounts and click Create API Account. Select whether the new account is a V2/V3 API token or a Stencil-CLI token, used in theme customization.

A maximum of 50 accounts can be created per store.

Create API Account button highlighted

Enter a Name for the app/integration corresponding to this account, then copy or make a note of the API Path — you'll need it to use the API account.

Name and API Path fields under Create API Account

Under OAuth Scopes, specify the API resources and permissions to which your app/integration requires access.

Individualy store resources can be set to none, read-only, or modify.

We offer a variety of OAuth Scopes for customizing and controlling access to your store's data. For more information, see our API Documentation. For example, the Information and Settings scope encapsulates the configuration settings across multiple domain areas of the platform, including:

  • Basic store information
  • Shipping methods (both static and real-time)
  • Shipping zones
  • Store settings
  • Payment methods
  • Tax classes

When you’re done making changes, click Save. A successful save will display the pop-up shown below. It will contain the API credentials that your app will need for OAuth access, and you will be prompted by your browser to download a .txt file containing the same credentials for safekeeping on your computer. 


Keep your credentials! There is no way to return to this pop-up after you select Done to dismiss it. Make sure you store your credentials – either by copying/pasting the contents of each field out of the pop-up or by keeping the downloaded .txt file. We recommend adding the API Path value from Step 2 to these credentials, as it is used for all API calls using the token.

Pop-up displaying your Client ID, Client Secret, and Access Token


Deleting an API Account

To delete a Store API account, under Actions, click the trashcan icon next to the Account Name.

Delete API account button highlighted

You can delete multiple accounts at once by checking the box to the left of each account, then clicking the trashcan icon in the top right of the list.

Account name check boxes and bulk delete button highlighted



As an app developer, what authentication options are there?

Any apps intended for sale on the BigCommerce App Marketplace must use OAuth. OAuth is compatible with all current and planned BigCommerce APIs, including v2 Webhooks and our v3 API. For more information, see our Developer Documentation.

Was this article helpful?