This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Authentication return data for a restaurant management group API client

The authentication API returns the information shown in the following example for a successful authentication request using a restaurant management group API client. For more information about restaurant management group API accounts, see Toast API accounts.

Authentication return data for a restaurant management group client

{
  "@class": ".SuccessfulResponse", (1)
  "token": {
    "tokenType": "Bearer", (2)
    "scope": null, (3)
    "expiresIn": 19168, (4)
    "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXJ0bmVyR3
      V3JkZXJzOnYThkYWE5LWIyMDQtNDhhZi1iZDY2LWZiMzZkNzViYjU1NiIsIm5hbWl
      uZ0F1dGhvcml05NiIGlBFVEVSUEFSVE5FUiIsImF6cCI6InBldGVyLXBhcnRuZXIi
      LCJzY29wZSI6WyJjcm0iLCJsYWJvciIsImNvbmZpZ3VyYXRpb24iLCJjYXNobWdtd
      CIsInBhcnRuZXJzIiwiZ3Vlc3QucGk6cmVhZCIsImRlbGlcml05X2luZm8uYWRkcm
      VzczpyZWFkIiwib3JkZXJzO5NiIGQiLCJvcmRlcnMub3JkZXJzOndyaXRlIiwib3J
      kZXJzIiwiY3JlZGl0X2NhcmRzLmF1dGhvcml6YXRpb2463JkZXJzOnSwiZXhwIjox
      NTg4MTc2NDY2LCJqdGkiOiIyMTk4OWQwNS1jNzg4LTQzNWYtODQyMi0xYjRjZTM5O
      DdlODgiLCJjbGllbnRfaWQiOiJwZXRlci1wYXJ0bmVyIn0.BxROzc5ZyKVgkdsLTF
      LbyPR_dt5NiIG8vtJd3JkZXJzOnOQiJRtfx6sfse1i2ZG6VWIz_jVOvOiR2zaWra0
      yCcml051AVNV3xxn7u4finETPzm43lhf5NiIGYKqUD_HM-Z1B-CCAj-7C6nOGQWI9
      G_PYZRsb7lwmJG3tPW74bDKZhYJVnPO3HMNnd93A8AL4QVOVBO6L6BdqsK3lZ7nzY
      0hALk-LzyD-w_maz-s2kFx7vbWrp0l2X_gSpEi3JkZXJzOn81T-2bBtz4vkObQm27
      iI0Ww8K2ZeRwkSaR8zL2Qo-5NiIGRcml059S1_halz_GuWy4xOctS5WZOuIe5FaA", (5)
    "idToken": null, (6)
    "refreshToken": null (7)
  },
  "status": "SUCCESS" (8)
}

(1) For internal use.

(2) The OAuth 2 authentication scheme used for the authentication token. Toast API authentication uses the bearer authentication scheme.

(3) The scope value in the response to your authentication token request is null. Your JSON Web Token (JWT) contains your list of scopes.

(4) The number of seconds for which the authentication token remains valid. For more information, see Refreshing authentication tokens.

(5) A JSON Web Token (JWT) string that contains an authentication token. You present this string when you make requests to other Toast API resources. The JWT includes information about your Toast API client. For more information, see JWT payload contents for restaurant management group API client access token.

(6) For internal use.

(7) For internal use.

(8) Indicates that your authentication request was successful.


The following example shows the JWT payload contents for a restaurant management group API client access token.

JWT payload contents for restaurant management group API client access token

{
  "https://toasttab.com/client_name": "MYNAMINGAUTHORITY", (1)
  "https://toasttab.com/access_type": "TOAST_MACHINE_CLIENT", (2)
  "https://toasttab.com/management_set_guid": "0423ad35-8ba2-45cf-9b6b-7da03f982c46", (3)
  "https://toasttab.com/type": "CUSTOMER", (4)
  "iss": "[Toast-token-issuer]", (5)
  "sub": "my-client-id@clients", (6)
  "aud": "https://toast-services-api/", (7)
  "iat": 1603107025, (8)
  "exp": 1588176466, (9)
  "azp": "my-client-id", (10)
  "scope": "orders:read menus:read", (11)
  "gty": "client-credentials" (12)
}

(1) A human-readable name representing your API client.

(2) The types of users that can authenticate through the system. For API clients, this is TOAST_MACHINE_CLIENT. TOAST_MACHINE_CLIENT represents the type of access credentials issued to services that use Toast APIs.

(3) The unique Toast platform identifier for the restaurant management group this client can access.

(4) The type of client requesting authentication. For restaurant management group API clients, this is CUSTOMER.

(5) The issuer of the authentication token.

(6) The subject of the token being issued. This value is your client identifier followed by the string @clients.

(7) The intended audience of your API usage.

(8) A standard JWT claim indicating the time that the authentication token was issued. The time is presented in UNIX epoch format.

(9) A standard JWT claim indicating the time that the authentication token expires. The time is presented in UNIX epoch format.

(10) A standard JWT claim containing the identifier for the Toast API client. You receive the identifier string from the Toast integrations team.

(11) The API functionality that your client ID is provisioned to use. For more information about API scopes, see the API scopes page.

(12) The grant type of this API client. This value is client-credentials.
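The following Python code is an added example, not part of the original Toast documentation or Toast's own code. It shows one way a client could check the response and payload fields described above: it schedules a refresh from expiresIn, reads the scopes from the JWT payload because the response scope is null, and compares them with the scopes the integration needs. The function names, the `skew` parameter, and the sample response are assumptions constructed for illustration, and the sample token carries a placeholder in place of a signature.

```python
import base64
import json

def decode_jwt_payload(jwt: str) -> dict:
    """Decode the payload segment for inspection. The signature is NOT verified,
    so use the result for client-side sanity checks only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def inspect_auth_response(body: dict, needed_scopes: set, now: float, skew: int = 60) -> dict:
    """Validate the documented response fields and summarize the token's claims."""
    token = body.get("token") or {}
    if body.get("status") != "SUCCESS" or token.get("tokenType") != "Bearer":
        raise ValueError("not a successful bearer-token response")
    claims = decode_jwt_payload(token["accessToken"])
    scope = claims.get("scope") or []
    # Accept a space-delimited string (as in the payload example) or a list.
    granted = set(scope.split() if isinstance(scope, str) else scope)
    return {
        "refresh_at": now + token["expiresIn"] - skew,  # expiresIn = seconds remaining
        "missing_scopes": sorted(needed_scopes - granted),
        "unneeded_scopes": sorted(granted - needed_scopes),  # least-privilege review
        "machine_client": claims.get("https://toasttab.com/access_type") == "TOAST_MACHINE_CLIENT"
                          and claims.get("gty") == "client-credentials",
        "management_set_guid": claims.get("https://toasttab.com/management_set_guid"),
    }

def b64url(obj: dict) -> str:
    """Helper for building the constructed sample token below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: claims copied from the payload example above, wrapped in an
# unsigned token ("sig" is a placeholder, not a real signature).
SAMPLE_CLAIMS = {
    "https://toasttab.com/access_type": "TOAST_MACHINE_CLIENT",
    "https://toasttab.com/management_set_guid": "0423ad35-8ba2-45cf-9b6b-7da03f982c46",
    "scope": "orders:read menus:read",
    "gty": "client-credentials",
}
SAMPLE_RESPONSE = {
    "@class": ".SuccessfulResponse",
    "token": {"tokenType": "Bearer", "scope": None, "expiresIn": 19168,
              "accessToken": ".".join([b64url({"alg": "RS256", "typ": "JWT"}),
                                       b64url(SAMPLE_CLAIMS), "sig"]),
              "idToken": None, "refreshToken": None},
    "status": "SUCCESS",
}

if __name__ == "__main__":
    print(inspect_auth_response(SAMPLE_RESPONSE, {"orders:read"}, now=1_600_000_000))
```

A non-empty `unneeded_scopes` list means the client is provisioned for more API functionality than the integration uses, which is worth raising when the client is reviewed.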