This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Making the request

To get an authentication token, you send a POST request to the /authentication/login endpoint of the Toast authentication API. The following example shows the URL of the endpoint.

https://[toast-api-hostname]/authentication/v1/authentication/login

You must include your client identifier and client secret string in the message body of a POST request for an authentication token. You receive a client identifier string (clientId) and client secret string (clientSecret) from the Toast support team. Follow these guidelines when storing your API credentials.

When the authentication API determines that the client identifier and client secret string are valid, it returns an authentication token along with a set of data describing the way you can use it. For more information, see Toast API accounts.

You include the following JSON object in the message body parameter of an /authentication/login endpoint request.

Message body parameter for an /authentication/login endpoint request

{
  "clientId": "myToastApiClientIdentifier",1
  "clientSecret": "myToastApiClientSecret",2
  "userAccessType": "TOAST_MACHINE_CLIENT"3
}

1

The identifier string for your Toast API client. You receive the identifier string from the Toast integrations team.

2

The secret string that corresponds to your Toast API client. You receive the secret string from the Toast integrations team.

3

Always include the userAccessType value and set it to TOAST_MACHINE_CLIENT.


The following curl command requests an authentication token from the /authentication/login resource. For more information about the curl utility, see https://curl.haxx.se/.

Authentication request using curl program command

curl -X POST \1
-H "Content-Type: application/json" \2
-d @file-containing-message-body-parameter.json \3
https://[toast-api-hostname]/authentication/v1/authentication/login4

1

Use the POST HTTP method to make an authentication request.

2

Include the HTTP Content-Type header field and set its value to application/json.

3

Include a JSON object including your client identifier and client secret in the message body parameter. See Message body parameter for an /authentication/login endpoint request.

4

Send the request to the /authentication/login endpoint of the authentication API.