API Authentication
All Grubtech API requests must be authenticated. We support two authentication methods depending on your use case.
API Key Authentication
Best for server-to-server integrations. Include your API key in the request header:
curl -X GET https://api.grubtech.com/v1/orders \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"Generating API Keys
- Go to Settings → API Keys in your dashboard
- Click Create New Key
- Select the required permissions (scopes)
- Copy the key — it will only be shown once
Available Scopes
| Scope | Description |
|---|---|
orders:read | View orders |
orders:write | Create and update orders |
menu:read | View menu items |
menu:write | Update menu items |
stores:read | View store information |
stores:write | Update store settings |
analytics:read | Access analytics data |
OAuth 2.0
Best for third-party integrations where you need to act on behalf of a Grubtech user.
Authorization Flow
1. Redirect user to:
https://auth.grubtech.com/oauth/authorize?
client_id=YOUR_CLIENT_ID&
redirect_uri=YOUR_REDIRECT_URI&
response_type=code&
scope=orders:read menu:read
2. User approves access
3. Exchange code for token:
POST https://auth.grubtech.com/oauth/token
{
"grant_type": "authorization_code",
"code": "AUTH_CODE",
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"redirect_uri": "YOUR_REDIRECT_URI"
}
4. Use the access token:
Authorization: Bearer ACCESS_TOKENToken Refresh
Access tokens expire after 1 hour. Use the refresh token to get a new one:
POST https://auth.grubtech.com/oauth/token
{
"grant_type": "refresh_token",
"refresh_token": "YOUR_REFRESH_TOKEN",
"client_id": "YOUR_CLIENT_ID"
}Rate Limits
| Plan | Requests/minute | Requests/day |
|---|---|---|
| Starter | 60 | 10,000 |
| Professional | 300 | 100,000 |
| Enterprise | 1,000 | Unlimited |
When rate limited, you’ll receive a 429 Too Many Requests response with a Retry-After header.
Error Responses
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or expired API key",
"status": 401
}
}