Access to Toast APIs, specific endpoints, and specific API endpoint operations is controlled by the scopes that are associated with your API account. Toast API scopes and their capabilities are described below.
To see the scopes associated with your API client, you must decrypt the authentication token you receive after you request an authentication token. For more information about the contents of a Toast API authentication token, see Authentication return data for a partner API client and Authentication return data for a restaurant management group API client.
The following table describes the scopes that determine what actions your Toast API client has permission to perform.
|
API |
Scope Type |
Scope Name |
Description |
||
|---|---|---|---|---|---|
|
Cash management |
Read |
|
Allows reading from the cash management API. |
||
|
Configuration |
Read |
|
Allows reading from the configuration API. |
||
|
Credit cards |
Write |
|
Allows authorization of payments through the credit cards API. |
||
|
Kitchen |
Read |
|
Allows reading from the kitchen API. |
||
|
Labor |
Read |
|
Allows reading all data except employees from the labor API. |
||
|
Labor |
Read |
|
Allows reading employee information from the labor API. |
||
|
Labor |
Write |
|
Allows updating employee information in the labor API. |
||
|
Labor |
Write |
|
Allows updating job information in the labor API. |
||
|
Labor |
Write |
|
Allows updating shift information in the labor API. |
||
|
Menus |
Read |
|
Allows reading from the menus API V3.
|
||
|
Menus |
Read |
|
Allows reading from the menus API V2.
|
||
|
Order management configuration |
Read |
|
Allows reading from the order management configuration API. |
||
|
Orders |
Read |
|
Allows reading from the orders API with the exception of guest information. If
your API client creates orders, then to read orders, it must have
both the |
||
|
Orders |
Read |
|
Allows API clients that submit orders to the Toast platform to read from the orders API. To read orders, the API client must have
both the API clients
that have the |
||
|
Orders |
Read |
|
Allows reading guest delivery address information from the orders API. |
||
|
Orders |
Read |
|
Allows reading guest and curbside pickup information from the orders API. |
||
|
Orders |
Write |
|
Allows updating delivery information from the orders API. |
||
|
Orders |
Write |
|
Allows adding discounts to orders using the orders API. |
||
|
Orders |
Write |
|
Allows adding items to orders using the orders API. |
||
|
Orders |
Write |
|
Allows posting orders orders using the orders API. |
||
|
Orders |
Write |
|
Allows adding payments and tips to existing orders using the orders API. |
||
|
Orders |
Void |
|
Allows voiding an order using the orders API. |
||
|
Packaging preferences |
Read |
|
Allows reading a restaurant's packaging preferences configuration using the packaging configuration API. |
||
|
Restaurant availability Restaurants |
Read |
|
Allows reading from the restaurant availability API. Allows reading from the restaurants API. |
||
|
Stock |
Read |
|
Allows reading from the stock API. |
||
|
Stock |
Write |
|
Allows updating stock status for menu items (and modifier option item references) using the stock API. |
The scopes that give your Toast API client permission to use APIs, endpoints, and endpoint functions are assigned based on your organization's business requirements. Some Toast API scopes are available to all API clients and some scopes are assigned to clients after specific certification of the integration function they are used for.
If your API client does not have the scope required to perform an action, you can contact the Toast integrations team to learn about the requirements for getting access to the scope. The business requirements of your organization and the status of your integration affect the scopes assigned your API client.