The Kitchenhub Auth API enables secure access to all other API endpoints using OAuth2-based token authentication. Tokens have a limited lifespan and must be refreshed periodically using the provided refresh_token.
Authentication Flow
Security Notice: Your client_secret must be securely stored and never shared with third parties. If you suspect it has been compromised, notify us immediately so we can revoke and regenerate your credentials.
To access Kitchenhub APIs, you need to:
- Request an access token using your client_id and client_secret.
- Use the access_token in the Authorization header of each API request.
- Refresh the access_token when it expires using the refresh_token.
Generate Access Token
Endpoint:
POST /v2/auth/token
Request Body:
{
"client_id": "your_client_id",
"client_secret": "your_client_secret"
}
Response:
{
"access_token": "your_access_token",
"refresh_token": "your_refresh_token",
"access_token_expire": 60, // in minutes
"refresh_token_expire": 1440 // in minutes
}
Use Access Token
To authorize API requests, include the token in the request header:
Authorization: Bearer your_access_token
Example:
GET /v2/orders
Host: api.trykitchenhub.com
Authorization: Bearer eyJhbGciOi...
Refresh Access Token
Endpoint:
POST /v2/auth/refresh
Use this endpoint to refresh your access_token using a valid refresh_token.
Request Body:
{
"refresh_token": "your_refresh_token"
}
Response:
{
"access_token": "new_access_token",
"refresh_token": "new_refresh_token",
"access_token_expire": 60,
"refresh_token_expire": 1440
}
You must store the new refresh_token after each refresh, as the old one becomes invalid.
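
The rotation rule above, as an added example (not Kitchenhub's own code): a client-side token cache that reuses the access_token until shortly before it expires, refreshes with the current refresh_token, overwrites both tokens on every response, and falls back to client_id/client_secret once the refresh_token has expired. TokenManager, FakeAuthServer, the post(path, body) transport and the 60-second skew are assumptions for illustration; the fake server is constructed so the block runs offline.

```python
import time


class TokenManager:
    """Client-side cache for the access_token / refresh_token pair."""

    def __init__(self, post, client_id, client_secret, clock=time.time, skew=60):
        self._post = post  # assumed transport: post(path, json_body) -> parsed JSON dict
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._clock = clock
        self._skew = skew  # seconds of safety margin before each expiry
        self.access_token = self.refresh_token = None
        self._access_exp = self._refresh_exp = 0.0

    def _store(self, body):
        now = self._clock()
        self.access_token = body["access_token"]
        # A refresh invalidates the old refresh_token, so always overwrite it.
        self.refresh_token = body["refresh_token"]
        self._access_exp = now + body["access_token_expire"] * 60  # minutes -> seconds
        self._refresh_exp = now + body["refresh_token_expire"] * 60

    def get_access_token(self):
        now = self._clock()
        if self.access_token and now < self._access_exp - self._skew:
            return self.access_token  # cached token is still valid
        if self.refresh_token and now < self._refresh_exp - self._skew:
            body = self._post("/v2/auth/refresh", {"refresh_token": self.refresh_token})
        else:  # first call, or refresh_token expired: authenticate from scratch
            body = self._post("/v2/auth/token", dict(self._creds))
        self._store(body)
        return self.access_token


class FakeAuthServer:
    """Constructed stand-in for the auth endpoints; refresh tokens are single-use."""

    def __init__(self):
        self.n, self.live_refresh, self.calls = 0, None, []

    def post(self, path, body):
        self.calls.append(path)
        if path == "/v2/auth/refresh" and body["refresh_token"] != self.live_refresh:
            raise PermissionError("stale refresh_token")
        self.n += 1
        self.live_refresh = f"rt-{self.n}"
        return {"access_token": f"at-{self.n}", "refresh_token": self.live_refresh,
                "access_token_expire": 60, "refresh_token_expire": 1440}
```

In a real integration the post callable would wrap an HTTPS client, and the stored refresh_token would be persisted with the same care as the client_secret.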
Validate Token
Endpoint:
POST /v2/auth/validate
Use this to check if a token is still valid and active.
Request Body:
{
"access_token": "your_access_token"
}
Response:
{
"valid": true,
"expires_in": 45 // minutes remaining
}
Test Credentials
Before beginning full integration, we recommend testing your authentication flow in the staging environment to verify:
- Token creation works correctly
- Access token authorizes API requests
- Token refresh is implemented
- Token expiration is handled gracefully