BigCommerce · Authentication Profile

Bigcommerce Authentication

Authentication

BigCommerce secures its APIs with apiKey and http across 3 declared security schemes, as derived from its OpenAPI definitions.

E-CommerceRetailCatalogOrdersCheckoutPaymentsSaaS
Methods: apiKey, http Schemes: 3 OAuth flows: API key in: header

Security Schemes

X-Auth-Token apiKey
· in: header (X-Auth-Token)
BearerPAT http
scheme: bearer
Authorization http
scheme: basic

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/abandoned-cart-emails-openapi-original.yml, openapi/abandoned-carts-openapi-original.yml,
  openapi/accepted-payment-methods-openapi-original.yml, openapi/accepted-payment-methods-openapi.yml,
  openapi/carts-openapi-original.yml, openapi/catalog-brands-openapi-original.yml, openapi/catalog-categories-openapi-original.yml,
  openapi/catalog-category-trees-openapi-original.yml, openapi/catalog-product-modifiers-openapi-original.yml,
  openapi/catalog-product-variant-options-openapi-original.yml, openapi/catalog-product-variants-openapi-original.yml,
  openapi/catalog-products-openapi-original.yml ...
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: X-Auth-Token
  type: apiKey
  in: header
  parameter: X-Auth-Token
  description: |-
    ### OAuth scopes

    | UI Name | Permission | Parameter |
    |:--|:--|:-|
    | Information & Settings  | read-only  | `store_v2_information_read_only`|
    | Information & Settings  | modify     | `store_v2_information`          |

    ### Authentication header

    | Header | Argument | Description |
    |:-|:|:|
    | `X-Auth-Token` | `access_token` | For more about API accounts that generate `access_token`s, see our [Guide
  sources:
  - openapi/abandoned-cart-emails-openapi-original.yml
  - openapi/abandoned-carts-openapi-original.yml
  - openapi/accepted-payment-methods-openapi-original.yml
  - openapi/accepted-payment-methods-openapi.yml
  - openapi/carts-openapi-original.yml
  - openapi/catalog-brands-openapi-original.yml
  - openapi/catalog-categories-openapi-original.yml
  - openapi/catalog-category-trees-openapi-original.yml
  - openapi/catalog-product-modifiers-openapi-original.yml
  - openapi/catalog-product-variant-options-openapi-original.yml
  - openapi/catalog-product-variants-openapi-original.yml
  - openapi/catalog-products-openapi-original.yml
  - openapi/channels-openapi-original.yml
  - openapi/checkouts-openapi-original.yml
  - openapi/content-openapi-original.yml
  - openapi/currencies-openapi-original.yml
  - openapi/custom-template-associations-openapi-original.yml
  - openapi/customers-openapi-original.yml
  - openapi/email-templates-openapi-original.yml
  - openapi/geography-openapi-original.yml
  - openapi/marketing-openapi-original.yml
  - openapi/orders-openapi-original.yml
  - openapi/pages-openapi-original.yml
  - openapi/payment-access-token-openapi-original.yml
  - openapi/payment-access-token-openapi.yml
  - openapi/payment-methods-deprecated-openapi-original.yml
  - openapi/price-lists-openapi-original.yml
  - openapi/pricing-openapi-original.yml
  - openapi/redirects-openapi-original.yml
  - openapi/scripts-openapi-original.yml
  - openapi/settings-openapi-original.yml
  - openapi/shipping-openapi-original.yml
  - openapi/sites-openapi-original.yml
  - openapi/store-information-openapi-original.yml
  - openapi/store-logs-openapi-original.yml
  - openapi/storefront-token-openapi-original.yml
  - openapi/subscribers-openapi-original.yml
  - openapi/tax-classes-openapi-original.yml
  - openapi/tax-properties-openapi-original.yml
  - openapi/tax-provider-connection-openapi-original.yml
  - openapi/tax-rates-zones-openapi-original.yml
  - openapi/tax-settings-openapi-original.yml
  - openapi/tax-zone-check-openapi-original.yml
  - openapi/themes-openapi-original.yml
  - openapi/webhooks-v3-openapi-original.yml
  - openapi/widgets-openapi-original.yml
  - openapi/wishlist-openapi-original.yml
- name: BearerPAT
  type: http
  scheme: bearer
  bearerFormat: PAT {{PAYMENT_ACCESS_TOKEN}}
  description: |-
    ### OAuth scopes

    The required scopes are granted to the `payment_access_token` upon generation.

    ### Authentication header

    | Header | Argument | Description |
    |:-|:|:|
    |`Authorization`|`PAT {{PAYMENT_ACCESS_TOKEN}}`| Obtained using the Create Access Token endpoint.|

    ### Further reading

    For an outline of the Process Payment API call flow and more information about authenticating, see [Authentic
  sources:
  - openapi/payment-processing-openapi-original.yml
- name: Authorization
  type: http
  scheme: basic
  description: The [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication)
    (developer.mozilla.org) credentials used to authenticate each API request to the Tax Provider
    from the associated store; set and update `username`, `password`, and optionally `profile`,
    using the [Update a Connection](/docs/rest-contracts/tax-app-connection#update-a-connection)
    request. `profile` is a
  sources:
  - openapi/tax-provider-openapi-original.yml