DEVDOCS-4269: [update] reorder sections
bc-traciporter authored Jan 29, 2025
1 parent c12216b commit 722ca51
Showing 1 changed file with 20 additions and 20 deletions.
40 changes: 20 additions & 20 deletions docs/start/authentication/api-accounts.mdx
Expand Up @@ -20,6 +20,26 @@ Every active API account has at least one `access_token`. [Store-level API accou

**Guard these values closely.** The client ID and client secret will never change; access tokens do not expire based on time and cannot be manually invalidated. It's best practice to limit each account's [OAuth scope](#oauth-scopes) to only the privileges needed to complete that app or user's designated tasks. Create separate API accounts for each app, store API user or function, or account-related implementation.

## Choosing the right kind of API account

Where both types of API account are supported, review the preceding sections to make an informed choice about which best fits your use case. In the following table, links go to the relevant section of our [Authentication and Example Requests](/docs/start/authentication) article.

| API or Use Case | Store-level API account | App-level API account | Account-level API account |
|:----------------|:-----------------------:|:---------------------:|:-------------------------:|
| [GraphQL Account API](/docs/start/authentication#access-tokens), including [Users](/docs/graphql-account/users) | | | × |
| [GraphQL Admin API](/docs/start/authentication#access-tokens) | × | × | |
| [GraphQL Storefront API](/docs/start/authentication#bigcommerce-generated-jwts) | × | | |
| [REST Store Management APIs](/docs/start/authentication#access-tokens) | × | × | |
| [REST Storefront API](/docs/start/authentication#same-origin-cors-authentication) | × | | |
| [Customer Login API](/docs/start/authentication#user-generated-jwts) | | × | |
| [Current Customer API](/docs/start/authentication#client-id) | | × | |
| [Payments API](/docs/start/authentication#bigcommerce-generated-jwts) | × | × | |
| [Apps that host REST Provider APIs (provider apps)](/docs/start/authentication#developer-configured-authentication) | | × | |
| [Apps that create App Extensions](/docs/integrations/apps/app-extensions) | | × | |
| Apps hosted in the store control panel (single-click apps) | | × | |
| Manual connection between a third-party app and a store | × | | × |
| Single-store frontend scripts | | × | |

## Store-level API accounts

Merchants generate single-store API credentials when they create API accounts in their store control panel, in the **[Settings > Store-level API accounts](https://login.bigcommerce.com/deep-links/manage/settings-list)** menu. Use these credentials to read and change one store's data with BigCommerce's APIs. You can't change store-level access tokens or OAuth scopes.
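
Review bot: The intro sentence of the relocated "Choosing the right kind of API account" section still says "review the preceding sections to make an informed choice", but the section now sits above "Store-level API accounts", so the sections it refers to come after it. Change "preceding" to "following". While editing that sentence, "Where both types of API account are supported" no longer matches the table, which has three account columns (store-level, app-level, account-level); "Where more than one type of API account is supported" would match it.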
Expand Down Expand Up @@ -116,26 +136,6 @@ An account-level access token is valid until the account is no longer active. Ho

To delete an account-level API account, visit the [account control panel](https://accounts.bigcommerce.com/tokens) and find the account you want to delete in the list. Click the three dots in the **Action** column, then click **Delete**. Follow any prompts that appear.

## Choosing the right kind of API account

Where both types of API account are supported, review the preceding sections to make an informed choice about which best fits your use case. In the following table, links go to the relevant section of our [Authentication and Example Requests](/docs/start/authentication) article.

| API or Use Case | Store-level API account | App-level API account | Account-level API account |
|:----------------|:-----------------------:|:---------------------:|:-------------------------:|
| [GraphQL Account API](/docs/start/authentication#access-tokens), including [Users](/docs/graphql-account/users) | | | × |
| [GraphQL Admin API](/docs/start/authentication#access-tokens) | × | × | |
| [GraphQL Storefront API](/docs/start/authentication#bigcommerce-generated-jwts) | × | | |
| [REST Store Management APIs](/docs/start/authentication#access-tokens) | × | × | |
| [REST Storefront API](/docs/start/authentication#same-origin-cors-authentication) | × | | |
| [Customer Login API](/docs/start/authentication#user-generated-jwts) | | × | |
| [Current Customer API](/docs/start/authentication#client-id) | | × | |
| [Payments API](/docs/start/authentication#bigcommerce-generated-jwts) | × | × | |
| [Apps that host REST Provider APIs (provider apps)](/docs/start/authentication#developer-configured-authentication) | | × | |
| [Apps that create App Extensions](/docs/integrations/apps/app-extensions) | | × | |
| Apps hosted in the store control panel (single-click apps) | | × | |
| Manual connection between a third-party app and a store | × | | × |
| Single-store frontend scripts | | × | |

## Migrating from legacy to OAuth

<Callout type="warning">
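
Review bot: At its old position after the account deletion steps, this section was read after the token lifetime and deletion guidance visible in the context lines ("An account-level access token is valid until the account is no longer active"). Moved to the top, the table is now the first thing a reader uses to pick an account type, before reaching any of that. Consider adding one sentence to the table intro that points to each account type's token lifetime and deletion instructions, so the choice accounts for how a credential can be retired as well as which APIs it supports.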
