This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Using an authentication token

To use secured Toast API resources, when you make a request you:

  • Present a valid authentication token in the Authorization HTTP header field when you make a request. An authentication token is a text string that you can get from the /authentication/login endpoint of the authentication API. See Getting an authentication token.

    The Toast API uses bearer authentication tokens. You must include the string Bearer in the value of the Authorization HTTP header field, before the token string, to indicate the type of the token. For example, Authorization: Bearer [my-authentication-token].

  • Specify the individual restaurant context for your request in the Toast-Restaurant-External-ID header field.

    To specify the restaurant that is the subject of a Toast API request, you include the Toast system GUID for that restaurant in the Toast-Restaurant-External-ID HTTP header field. For example, Toast-Restaurant-External-ID: 47286e0a4-4fef-9230-b3dae11e7a9.

The following curl command presents an authentication token when it makes a Toast API request.

curl -X GET \
-H "Authorization: Bearer eyJzI1NiJ9hbGciOiJSU.eyJhd9yaXR5Ij
oiQ1JVTkNIVElNRSIsInJzR3VpZCI6IjE4YzQLCJqdLWFlODItNGFlYy04ND
M1LLCJqdRjMjVlYTY2MiIsInNjb3BlIjpbImxWQiOlsidG9hc3QiXSwibmFt
aW5nQXV0aGhYm9yIiwib3JkZXJzIiwidXNlcm1nbXQiXSwiZXhwIjoxNDg0M
zg5ODUwLCJqdGkiOiJlMDYzZjJkMy1jNGYyLTRiZjItODJmNi01MTg1NWMzZ
DAxM2YiLCJjbGllbnRfaWQiOiJjcnVuY2h0aW1lIn0.X1_0y9Hzj5F9gdOw2
o6VSYTyZwooAJiFMDmNakbZrtiUdYwLzuLwLpCMQzX5pKYtOqDUz_cetGJL3
txKL1L-K2j1Enoq8An8hEM6e8J0KdAiwrYFO3W3CmWedLCJqdK9ghNZVCs28
Td2Sp3IxLCJqdbrvanocx9_OT8S9uM8hdSXmBI_ykTWvOVgK4hO24V3DJy4b
9bz1FtgOvrClhELxCe8dJy7jiwAR60xczlCF5rna98RMLN6zY4ffjmljKFZ6
QV0KkVppWjEiJn7oFHiIylCX1sSg7sddrGatj0xJzts3GLCJqdlryUNHaEvJ
dWq4Yzwo007AMgxjH9d241Y-g" \
-H "Toast-Restaurant-External-ID: 4721e7a9-b4ae-4fef-9230-b3dae186e0a4" \
https://[toast-api-hostname]/labor/v1/employees