This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Authentication return data for a restaurant management group API client

Important

The API authentication endpoint and procedure described in this section is deprecated. Implement authentication for your Toast API integration using the endpoint and procedure described in Authentication and restaurant access.

The user management API returns the following information for a successful authentication request using a restaurant management group API client. For more information about restaurant management group API accounts, see Toast API accounts.

  • access_token - an encoded string that contains an authentication token. You can present this string when you make requests to other, secure Toast API resources.

  • expires_in - the number of seconds that the authentication token is valid. For example, an authentication token might be valid for 3600 seconds after the user management API issues it.

  • jti - an identifier for the authentication token. You do not need to use the information in this field.

  • namingAuthority - the name of your organization.

  • rsGuid - the globally unique identifier (GUID) of the top-level unit in your restaurant chain. For example, this identifier might be for the parent unit for multiple restaurants, or for a single, independent restaurant.

  • scope - a space-delimited list of Toast APIs that will accept the authentication token.

    The user management API does not return a complete list of the Toast APIs that your client is authorized to use.

  • token_type - the OAuth 2 authentication scheme used for the authentication token. Toast API authentication uses the bearer authentication scheme.

The following example shows the JSON data that the user management API returns for a successful request using a restaurant management group client.

Authentication return data for a restaurant management group client

{
    "access_token": "eyJhbGciOiJSUzI1NiJ9ciOiJSUzI.e5nQXV0aG
9yaXR5IjoiQ1JVTkNIVElNRSIsInJzR3VpZCI6IjyJhdWQiOlsidG9hc3QiX
SwibmFtaWE4YzQ5YWJlLWFllIjpbImxhYm9yIiwib3JkZXJzIiwidXNlcm1n
bXQiXSwiZXhwIjoxNODItNGFlYy04NDM1LWJhYTRjMjVlYTY2MiIsInNjb3B
Dg0Mzg5ODUwLCJqdGkiOiJlMDxM2YiLCJjbGllbnRfaWQiOiJjcnVuY2h0aW
1lIn0YzZjJkMy1jNGYyLTRiZjItODJmNi01MTg1NWMzZDA.X18_lryUNHaEv
JdWq45F9gdOw2o6VSYTyZwooAJiFMDmN_0y9HzjSg7sddrGatj0xJzts3GJ8
uakbZrtiGJL3txKL1L-K2j1Enoq8An8hEUdYwLzuLwLpCMQzX5pKYtOqDUz_
cetM6e8J0KdAiwrYFO3W3CmWedaoz95K9ghNZVCs28Td2wAR60xczlCF5rna
98RMLN6zY4ffjmljKFZ6QV0KkVppWjEiJn7oSp3Ix3fObxbrvanocx9_OT8S
9uM8hdSXmBI_ykTWvOVgK4hO24V3DJy4b9bz1FtgOvrClhELxCe8dJy7jiFH
iIylCX1sYzd241Y-gwo007AMgxjH9",
    "expires_in": 3600,
    "jti": "e063f2d3-c4f2-4bf2-82f6-51855c3d013f",
    "namingAuthority": "MYORGANIZATION",
    "rsGuid": "18c49abe-4aec-a2e8-8543-baa4c25ea662",
    "scope": "labor orders usermgmt",
    "token_type": "bearer"
}