This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

About authentication tokens

An authentication token is an encoded text string that you can get from the authentication API (/authentication). To request an authentication token, you send the client identifier and client secret in the message body of a POST request to the /authentication/login endpoint of the authentication API (/authentication/v1/authentication/login).

Authentication tokens are valid for a limited period of time. The length of time is determined by the Toast API environment that you use. When it returns the token, the authentication API response specifies how long an authentication token is valid. After an authentication token expires, you must get a new token from the authentication API.