With Bigcommerce moving their API to an Oauth 2.0 authentication system there are key pieces that app developers must setup prior to obtaining an access token. The Bigcommerce API requires three callback URLs: the authentication URL, uninstall URL, and load URL. Each one of these URLs must be hosted on your web server and handled by a server side script which intakes the data from the Bigcommerce API HTTP GET request.
The authorization callback URL must be able to handle a GET request containing the store code, scope and context as outlined in the Bigcommerce API documentation. Then taking in that data you must do a HTTP POST back to Bigcommerce with the client id, client secret, code, scope, grant type, redirect URI, and context. You can either use your own method to post back or use one of the unofficial Bigcommerce API libraries. If you do not know how to retrieve your client id and secret then view my how-to article. If everything was done correctly with the correct credentials then Bigcommerce will send you back an access token.
In order for users to uninstall your app Bigcommerce requires developers to implement an uninstall URL. This server side script must be able to handle a GET request containing a signature and an encoded json object containing the user id, email and store hash. Then with this information you must remove the user’s account information from your system.
Lastly you need a load callback URL. When a user goes to use your app in their control panel it will signal a load callback which tells Bigcommerce to perform a GET request with a signed payload, much like the uninstall callback. The payload is exactly the same as the uninstall callback; however instead of uninstalling you must create a session on your server to interact with your app and keep track of relevant user actions.
Try setting up all three call back URLs locally and testing them before trying to gain authorization. Once you have everything working on a local machine and tested on your web server, then you are ready for a live test. If you have additional questions feel free to ask us in the comments or visit the Bigcommerce API developer page for more information.