This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.
Important |
The authentication method described in this section is deprecated. The preferred authentication method for the Toast gift card API is static API key authentication. For information about using static API authentication, see Authenticating outbound API requests. |
You can verify that gift card transaction requests are from the
Toast platform by validating the JSON Web Token (JWT) in the header of
every request. Each gift card transaction request includes a JWT in the
Authorization
header field.
You can validate the JWT for a request with a public key that you get from the Toast API user management service.
You use the public key that matches the Toast environment that you are integrating with. For information about Toast API environments, see Environments.
-
For the production environment (real transactions) send a
GET
request to the following endpoint.https://
[toast-production-api-hostname]
/usermgmt/v1/oauth/token_key -
For the sandbox environment (testing transactions) send a
GET
request to the following endpoint.https://
[toast-sandbox-api-hostname]
/usermgmt/v1/oauth/token_key
Note |
The Toast technical partnership team supplies the host names for Toast API environments during your integration process. |