fix: B2B-3725 add required b2b headers

Author: bc-victor

.env.example

@@ -44,9 +44,11 @@ DEFAULT_REVALIDATE_TARGET=3600
 # URL for the B2B API. This is used to connect to the B2B API for features like customer impersonation and B2B-specific data
 B2B_API_HOST=https://api-b2b.bigcommerce.com
 
-# The B2B API Token is used to authenticate requests to the B2B API.
-# It can be generated in the B2B control panel Settings > API Accounts > Create API Account. 
-B2B_API_TOKEN=
+# A store-level API account token used for REST API actions. Optional by default, but required in
+# the sign-in logic that interacts with the buyer portal. This integration requires a 
+# `BIGCOMMERCE_ACCESS_TOKEN` with `modify` scope on B2B Edition.
+# See https://support.bigcommerce.com/s/article/Store-API-Accounts?language=en_US
+BIGCOMMERCE_ACCESS_TOKEN=
 
 # URL for the local buyer portal instance. Uncomment if developing locally.
 # LOCAL_BUYER_PORTAL_HOST=http://localhost:3001

core/b2b/client.ts

@@ -12,8 +12,10 @@ interface LoginWithB2BParams {
 const ENV = z
   .object({
     env: z.object({
-      B2B_API_TOKEN: z.string(),
       BIGCOMMERCE_CHANNEL_ID: z.string(),
+      BIGCOMMERCE_STORE_HASH: z.string(),
+      BIGCOMMERCE_ACCESS_TOKEN: z.string().optional(),
+      B2B_API_TOKEN: z.string().optional().describe('This is deprecated in favour or BIGCOMMERCE_ACCESS_TOKEN, read https://support.bigcommerce.com/s/article/Store-API-Accounts?language=en_US'),
     }),
   })
   .transform(({ env }) => env);
@@ -29,17 +31,26 @@ const B2BTokenResponseSchema = z.object({
 });
 
 export async function loginWithB2B({ customerId, customerAccessToken }: LoginWithB2BParams) {
-  const { B2B_API_TOKEN, BIGCOMMERCE_CHANNEL_ID } = ENV.parse(process);
+  const { BIGCOMMERCE_CHANNEL_ID, B2B_API_TOKEN, BIGCOMMERCE_STORE_HASH, BIGCOMMERCE_ACCESS_TOKEN } = ENV.parse(process);
+  const headers: HeadersInit = {
+    Accept: 'application/json',
+    'Content-Type': 'application/json',
+  };
 
-  const apiHost = getAPIHostname();
+  if (BIGCOMMERCE_ACCESS_TOKEN) {
+    headers['X-Auth-Token'] = BIGCOMMERCE_ACCESS_TOKEN;
+    headers['X-Store-Hash'] = BIGCOMMERCE_STORE_HASH;
+  } else if (B2B_API_TOKEN) {
+    headers['authToken'] = B2B_API_TOKEN;
+    console.warn('This is deprecated in favour or BIGCOMMERCE_ACCESS_TOKEN, read https://support.bigcommerce.com/s/article/Store-API-Accounts?language=en_US')
+  } else {
+    throw new Error('No B2B API token or BigCommerce token found in environment variables.');
+  } 
 
+  const apiHost = getAPIHostname();
   const response = await fetch(`${apiHost}/api/io/auth/customers/storefront`, {
     method: 'POST',
-    headers: {
-      Accept: 'application/json',
-      'Content-Type': 'application/json',
-      authToken: B2B_API_TOKEN,
-    },
+    headers,
     body: JSON.stringify({
       channelId: BIGCOMMERCE_CHANNEL_ID,
       customerId,