Understand the change: as of September 30, 2025 the B2B Edition-specific authToken is deprecated for server-to-server calls; December 31, 2025 is the cutoff for creating new legacy authTokens in the B2B Edition control panel — existing tokens are not hard-sunset on that date, but migration is strongly advised.
In the BigCommerce Control Panel navigate to Settings > Store-level API accounts and click Create API Account.
Select V3 Token type and set the B2B Edition scope to 'modify'; save the ACCESS TOKEN and STORE HASH values securely.
Replace the Authorization: authToken header in your server-to-server requests with two headers: X-Auth-Token (the access token) and X-Store-Hash (the store hash).
Test each B2B REST Management API endpoint with the new headers; note that storefront requests and storefront authTokens are unaffected by this change.
Delete unused legacy API accounts from the B2B Edition Settings panel after confirming all integrations work with the new token structure.
Known gotchas
Dec 31, 2025 blocks creation of new legacy authTokens only — it is not a hard sunset of already-issued tokens, but relying on deprecated tokens increases operational risk.
Sending X-Store-Hash alongside a legacy authToken causes unexpected errors; only include that header when using X-Auth-Token.
X-Auth-Token without a matching X-Store-Hash returns server errors; both headers are required together for every server-to-server B2B Edition request.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp