Creating Analytics API Access credentials

The following procedure describes how to create Analytics API Access credentials in Toast Web.

Note

You can configure configure only one set of Analytics API Access credentials per management group in Toast Web.

To create Analytics API credentials

  1. Access Toast Web.

  2. Choose Integrations > Toast API access > Manage credentials to open the Manage credentials page.

    Note

    An active subscription to Toast Restaurant Management Suite Pro or higher is required.

  3. On the Manage credentials page, navigate to the Create new credentials button.

  4. Select the down arrow and select Analytics API. This opens the New Credentials page.

    Shows the Manage credentials page with the Analytics API button emphasized.

  5. On the New Credentials page, you can:

    • View a list of the reporting data that you will have read-only access to.

    • View links to documentation.

    • Enter a credential name. Toast support recommends this be a name that you can easily reference.

    • View the management group you are creating credentials for and the number of locations included.

      Shows the credential name, API scopes, and locations fields on the New Credentials page.

  6. Select the Create credentials button. This navigates you to the Credentials page.

    Shows the Credentials page for the credentials just created.

    On the Credentials page, you can:

    • View and edit the credential set name

    • View the management group used for the credentials set and the number of locations included

    • View links to the analytics API documentation and Standard API Access documentation

    • View and copy the API access URL

    • View and copy the API access type

    • View and copy the Client ID

    • View the Client secret

      Note

      You can only view the client secret once.

    • Delete credentials

Viewing Analytics API Access credentials in JSON format

You can choose to view your credentials in JSON format. JSON is short for JavaScript Object Notation. You can choose to copy your credentials and include them in the header of your API requests.

Shows credentials in JSON format.

Rotating client secret

Note

Active authentication tokens generated using your credentials will continue to be valid until they expire or are replaced with new authentication tokens.

A client secret is a private string assigned by Toast to verify the identity of the partner application to the service API when the application makes requests to Toast services. It is good security practice to rotate your client secret to minimize the impact of potential breaches and to reduce the possibility of compromised credentials. For more information, see Credential storage guidelines.

Note

Rotating your client secret may cause disruptions to any integrations using the same credentials.

To rotate your client secret:

  1. On the Credentials page, navigate to the Client secret information.

  2. Select Rotate secret. The Ready to rotate the client secret? dialog opens.

  3. To confirm, type ROTATE SECRET in the text field.

  4. Select the Continue button. The View the client secret dialog opens.

  5. Select View secret. Your new client secret appears. Toast support recommends you copy and store your client secret in a secure location, such as a password manager. For more information, see Credential storage guidelines.

  6. Select the I have copied and saved the client secret checkbox.

  7. Select the Finish button to finish rotating the client secret.

Deleting Analytics API Access credentials

Note

Deleting Analytics API Access credentials is permanent. You cannot restore deleted credentials.

To delete your Analytics API Access credentials, select the Delete credentials button on the Credentials page. This opens a confirmation dialog. In the dialog, type DELETE SECRET in the text field to confirm deletion of the credentials, and select the Delete button to finish deleting the credentials.