API Reference

The Kitchenhub Auth API enables secure access to all other API endpoints using OAuth2-based token authentication. Tokens have a limited lifespan and must be refreshed periodically using the provided refresh_token.


🔑 Authentication Flow

⚠️ Security Notice: Your client_secret must be securely stored and never shared with third parties. If you suspect it has been compromised, notify us immediately so we can revoke and regenerate your credentials.

To access Kitchenhub APIs, you need to:

  1. Request an access token using your client_id and client_secret.
  2. Use the access_token in the Authorization header of each API request.
  3. Refresh the access_token when it expires using the refresh_token.



📥 Generate Access Token

Endpoint:
POST /v2/auth/token

Request Body:

{
  "client_id": "your_client_id",
  "client_secret": "your_client_secret"
}

Response:

{
  "access_token": "your_access_token",
  "refresh_token": "your_refresh_token",
  "access_token_expire": 60,      // in minutes
  "refresh_token_expire": 1440    // in minutes
}

📤 Use Access Token

To authorize API requests, include the token in the request header:

Authorization: Bearer your_access_token

Example:

GET /v2/orders
Host: api.trykitchenhub.com
Authorization: Bearer eyJhbGciOi...

Refresh Access Token

Endpoint:
POST /v2/auth/refresh

Use this endpoint to refresh your access_token using a valid refresh_token.

Request Body:

{
  "refresh_token": "your_refresh_token"
}

Response:

{
  "access_token": "new_access_token",
  "refresh_token": "new_refresh_token",
  "access_token_expire": 60,
  "refresh_token_expire": 1440
}

🔄 You must store the new refresh_token after each refresh, as the old one becomes invalid.
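
The flow above as a client-side token cache, added here as an example and not taken from Kitchenhub's own code: it converts the minute-based lifetimes into deadlines, overwrites the stored refresh_token on every refresh, serializes refreshes so two threads never spend the same refresh_token, and falls back to /v2/auth/token once the refresh_token has expired. The post(path, body) transport, the TokenManager and fake_api names, and the 60-second renewal margin are assumptions; fake_api is a constructed in-memory stand-in so the block runs offline.

```python
import threading
import time

class TokenManager:
    """Caches tokens and rotates the refresh_token on every refresh."""

    def __init__(self, client_id, client_secret, post, now=time.time, skew=60):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post = post    # assumed transport: post(path, body) -> parsed JSON dict
        self._now = now      # injectable clock, in seconds
        self._skew = skew    # assumed margin: renew this many seconds before expiry
        self._lock = threading.Lock()
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _store(self, resp):
        t = self._now()
        # Overwrite both tokens: the old refresh_token is invalid after a refresh.
        self._access, self._refresh = resp["access_token"], resp["refresh_token"]
        # The API reports lifetimes in minutes.
        self._access_exp = t + resp["access_token_expire"] * 60
        self._refresh_exp = t + resp["refresh_token_expire"] * 60

    def access_token(self):
        # One refresh at a time: a second caller reusing the old refresh_token would fail.
        with self._lock:
            t = self._now() + self._skew
            if self._access and t < self._access_exp:
                return self._access
            if self._refresh and t < self._refresh_exp:
                self._store(self._post("/v2/auth/refresh", {"refresh_token": self._refresh}))
            else:
                # No usable refresh_token: start over with the client credentials.
                self._store(self._post("/v2/auth/token", self._creds))
            return self._access

    def auth_header(self):
        return {"Authorization": "Bearer " + self.access_token()}

def fake_api():
    """Constructed in-memory stand-in for the auth endpoints; records each call."""
    calls = []
    def post(path, body):
        calls.append((path, dict(body)))
        n = len(calls)
        return {"access_token": f"access-{n}", "refresh_token": f"refresh-{n}",
                "access_token_expire": 60, "refresh_token_expire": 1440}
    return post, calls
```

If the tokens are shared across processes or restarts, the same rule applies to whatever store holds them: write the new refresh_token before using the new access_token, and keep that store as protected as the client_secret.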


✅ Validate Token

Endpoint:
POST /v2/auth/validate

Use this to check if a token is still valid and active.

Request Body:

{
  "access_token": "your_access_token"
}

Response:

{
  "valid": true,
  "expires_in": 45  // minutes remaining
}

🧪 Test Credentials

Before beginning full integration, we recommend testing your authentication flow in the staging environment to verify:

  • Token creation works correctly
  • Access token authorizes API requests
  • Token refresh is implemented
  • Token expiration is handled gracefully