BigCommerce · Authentication Profile
Bigcommerce Authentication
Authentication
BigCommerce secures its APIs with apiKey and http across 3 declared security schemes, as derived from its OpenAPI definitions.
E-CommerceRetailCatalogOrdersCheckoutPaymentsSaaS
Methods: apiKey, http
Schemes: 3
OAuth flows:
API key in: header
Security Schemes
X-Auth-Token apiKey
· in: header (X-Auth-Token)
BearerPAT http
scheme: bearer
Authorization http
scheme: basic
Source
Authentication Profile
generated: '2026-07-11'
method: derived
source: openapi/abandoned-cart-emails-openapi-original.yml, openapi/abandoned-carts-openapi-original.yml,
openapi/accepted-payment-methods-openapi-original.yml, openapi/accepted-payment-methods-openapi.yml,
openapi/carts-openapi-original.yml, openapi/catalog-brands-openapi-original.yml, openapi/catalog-categories-openapi-original.yml,
openapi/catalog-category-trees-openapi-original.yml, openapi/catalog-product-modifiers-openapi-original.yml,
openapi/catalog-product-variant-options-openapi-original.yml, openapi/catalog-product-variants-openapi-original.yml,
openapi/catalog-products-openapi-original.yml ...
summary:
types:
- apiKey
- http
api_key_in:
- header
schemes:
- name: X-Auth-Token
type: apiKey
in: header
parameter: X-Auth-Token
description: |-
### OAuth scopes
| UI Name | Permission | Parameter |
|:--|:--|:-|
| Information & Settings | read-only | `store_v2_information_read_only`|
| Information & Settings | modify | `store_v2_information` |
### Authentication header
| Header | Argument | Description |
|:-|:|:|
| `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide
sources:
- openapi/abandoned-cart-emails-openapi-original.yml
- openapi/abandoned-carts-openapi-original.yml
- openapi/accepted-payment-methods-openapi-original.yml
- openapi/accepted-payment-methods-openapi.yml
- openapi/carts-openapi-original.yml
- openapi/catalog-brands-openapi-original.yml
- openapi/catalog-categories-openapi-original.yml
- openapi/catalog-category-trees-openapi-original.yml
- openapi/catalog-product-modifiers-openapi-original.yml
- openapi/catalog-product-variant-options-openapi-original.yml
- openapi/catalog-product-variants-openapi-original.yml
- openapi/catalog-products-openapi-original.yml
- openapi/channels-openapi-original.yml
- openapi/checkouts-openapi-original.yml
- openapi/content-openapi-original.yml
- openapi/currencies-openapi-original.yml
- openapi/custom-template-associations-openapi-original.yml
- openapi/customers-openapi-original.yml
- openapi/email-templates-openapi-original.yml
- openapi/geography-openapi-original.yml
- openapi/marketing-openapi-original.yml
- openapi/orders-openapi-original.yml
- openapi/pages-openapi-original.yml
- openapi/payment-access-token-openapi-original.yml
- openapi/payment-access-token-openapi.yml
- openapi/payment-methods-deprecated-openapi-original.yml
- openapi/price-lists-openapi-original.yml
- openapi/pricing-openapi-original.yml
- openapi/redirects-openapi-original.yml
- openapi/scripts-openapi-original.yml
- openapi/settings-openapi-original.yml
- openapi/shipping-openapi-original.yml
- openapi/sites-openapi-original.yml
- openapi/store-information-openapi-original.yml
- openapi/store-logs-openapi-original.yml
- openapi/storefront-token-openapi-original.yml
- openapi/subscribers-openapi-original.yml
- openapi/tax-classes-openapi-original.yml
- openapi/tax-properties-openapi-original.yml
- openapi/tax-provider-connection-openapi-original.yml
- openapi/tax-rates-zones-openapi-original.yml
- openapi/tax-settings-openapi-original.yml
- openapi/tax-zone-check-openapi-original.yml
- openapi/themes-openapi-original.yml
- openapi/webhooks-v3-openapi-original.yml
- openapi/widgets-openapi-original.yml
- openapi/wishlist-openapi-original.yml
- name: BearerPAT
type: http
scheme: bearer
bearerFormat: PAT {{PAYMENT_ACCESS_TOKEN}}
description: |-
### OAuth scopes
The required scopes are granted to the `payment_access_token` upon generation.
### Authentication header
| Header | Argument | Description |
|:-|:|:|
|`Authorization`|`PAT {{PAYMENT_ACCESS_TOKEN}}`| Obtained using the Create Access Token endpoint.|
### Further reading
For an outline of the Process Payment API call flow and more information about authenticating, see [Authentic
sources:
- openapi/payment-processing-openapi-original.yml
- name: Authorization
type: http
scheme: basic
description: The [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication)
(developer.mozilla.org) credentials used to authenticate each API request to the Tax Provider
from the associated store; set and update `username`, `password`, and optionally `profile`,
using the [Update a Connection](/docs/rest-contracts/tax-app-connection#update-a-connection)
request. `profile` is a
sources:
- openapi/tax-provider-openapi-original.yml