This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Gift card integration authentication

Important

The authentication method described in this section is deprecated. The preferred authentication method for the Toast gift card API is static API key authentication. For information about using static API authentication, see Authenticating outbound API requests.

You can verify that gift card transaction requests are from the Toast platform by validating the JSON Web Token (JWT) in the header of every request. Each gift card transaction request includes a JWT in the Authorization header field.

You can validate the JWT for a request with a public key that you get from the Toast API user management service.

You use the public key that matches the Toast environment that you are integrating with. For information about Toast API environments, see Environments.

  • For the production environment (real transactions) send a GET request to the following endpoint.

    https://[toast-production-api-hostname]/usermgmt/v1/oauth/token_key
  • For the sandbox environment (testing transactions) send a GET request to the following endpoint.

    https://[toast-sandbox-api-hostname]/usermgmt/v1/oauth/token_key

Note

The Toast technical partnership team supplies the host names for Toast API environments during your integration process.