How to Generate a BigCommerce Storefront GraphQL Token Using Postman
March 31, 2026
By: Tiffany Hindman
Summary: BigCommerce’s Storefront GraphQL API gives you a faster, more flexible way to power modern eCommerce experiences—but before you can use it, you need a Storefront token.
This guide walks through exactly how to generate a BigCommerce Storefront GraphQL token using Postman, so you can authenticate requests and start building headless storefronts, custom frontends, or advanced integrations with confidence.
Introduction
BigCommerce GraphQL is often overlooked—and that’s exactly why many builds eventually run into limitations.
Most storefront implementations rely exclusively on REST APIs, which works fine at first. But once you start building headless storefronts, custom frontends, or deeper integrations with external systems, REST can quickly become inefficient. You end up making multiple requests, pulling back far more data than you need, or reshaping responses on the frontend just to make them usable.
This is where the BigCommerce Storefront GraphQL API becomes a game changer.
With GraphQL, you can request only the data you actually need—products, pricing, images, categories, carts, and customer data—in a single, precisely shaped response. That flexibility dramatically improves performance and simplifies frontend and integration logic.
Before you can run your first query, though, you need a Storefront GraphQL token.
This article focuses only on generating that token using Postman.
What Is GraphQL in BigCommerce?
In BigCommerce, GraphQL acts as a flexible data layer for storefront level experiences. Instead of relying on multiple REST endpoints, the Storefront GraphQL API allows you to query exactly the fields you need—nothing more, nothing less.
With the Storefront GraphQL API, you can:
- Retrieve product catalog data with built in search, filtering, and sorting
- Request product images at specific sizes and resolutions
- Access signed in customer information like names, emails, and attributes
- Resolve entities such as categories and brands by their URLs
- Create carts, retrieve existing carts, and initiate checkout flows
Because GraphQL allows multiple related resources to be returned in a single request, it reduces network overhead and improves performance — especially important for headless storefronts and custom frontends.
NOTE:
GraphQL does not currently support sorting products by Price Lists. Any price based sorting performed through the Storefront GraphQL API is based on product level pricing, not customer specific price lists.
The BigCommerce Storefront GraphQL API works with Stencil themes and headless channels. Legacy Blueprint themes are not supported.
Step by Step: Creating a Storefront GraphQL Token
Step 1: Create an API Account in BigCommerce
To generate a Storefront GraphQL token, you must first create an API account in the BigCommerce admin.
- Log in to your BigCommerce Admin
- Navigate to Settings → API Accounts
- Click Create API Account
- Select V2/V3 API token as the token type
(This token type is required to create Storefront GraphQL tokens) - Enter a descriptive name, such as “Storefront GraphQL Token Generator”
- Under OAuth Scopes, ensure Storefront API Tokens is set to Manage
(Additional scopes may be required depending on your broader use case) - Click Save
After saving, BigCommerce will display your credentials and prompt you to download a .txt file.
Important: Store this file securely. The access token shown here cannot be viewed again in the BigCommerce control panel.
Step 2: Generate the Storefront Token in Postman
Once you have your API access token, you’ll use Postman to generate the actual Storefront GraphQL token.
Request Details
Method: POST
Endpoint: https://api.bigcommerce.com/stores/{STORE_HASH}/v3/storefront/api-token
Headers: X-Auth-Token: YOUR_API_ACCESS_TOKEN Content-Type: application/json Accept: application/json
Request Body Example:
{
"channel_id": 1,
"allowed_cors_origins": [
"https://yourdomain.com",
"https://yourdomain2.com"
],
"expires_at": 2147483647
}
Notes on Request Fields
- channel_id
- Typically 1 for the default storefront.
- Required for multi storefront setups.
- More than one may be applied. - allowed_cors_origins
- Required for any browser based GraphQL requests.
- If you are connecting multiple sites (for example, to access metafields across domains), add every domain to allowed_cors_origins.
- Limit of two CORS origins per token: The allowed_cors_origins array supports a maximum of two domains per token. If you need more, you’ll need to generate additional tokens. - expires_at
- Required.
- This example sets the token to effectively never expire.
TIPS:
Do not include a trailing slash in your domain URLs.
✅ https://yourdomain.com
❌ https://yourdomain.com/
Step 3: Confirm the Response
If everything is correct, the response will look something like this:
{
"data": {
"token": "YOUR_GRAPHQL_TOKEN"
}
}
This token is what you will use to authenticate all Storefront GraphQL requests.
Using the Storefront GraphQL Token
Once generated, you can call the GraphQL endpoint directly.
GraphQL Endpoint: https://store-{STORE_HASH}.mybigcommerce.com/graphql
Required Headers: Authorization: Bearer YOUR_GRAPHQL_TOKEN Content-Type: application/json
At this point, your store is fully authenticated and ready for GraphQL queries.
Final Thoughts
Setting up the BigCommerce GraphQL API isn’t complicated—but getting the details right matters:
- Generate your token correctly
- Configure CORS carefully
- Structure your queries intentionally
Once that’s in place, you unlock a flexible, scalable way to power modern eCommerce experiences.
Building with BigCommerce GraphQL is powerful—but getting architecture, performance, and ERP connectivity right is where most teams struggle.
If you're planning a headless build or need deeper integration with systems like Microsoft Dynamics 365, Strabo Partners can help.