Preliminary steps

Managing credentials

Prior to utilizing our API endpoints, you must first get the essential credentials tailored to your needs. This entails acquiring an API key and send us a authentication Bearer token for POS API v1 and Partners API, while for B2B API an Auth0 credentials flow authentication is involved in the process.

API key / Bearer token flow

POS to TheFork

The API key is used for authorization purpose of our POS API v1 and Partners API. You must add its value as the X-Api-Key parameter within the header, like the following example:

API_KEY='Your API Key'

curl --request PUT \
--url https://api.thefork.io/pos/v1/orders/${ORDER_UUID} \
--header 'accept: application/json' \
--header "X-Api-Key: ${API_KEY}" \
--header 'content-type: application/json' \
--json '{.......}'

In order to get the API key, you have to follow these steps:

Sign-up on the The Fork Developer Portal

1. First, create your account on The Fork Developer Portal
2. We will approve the creation of the new account, and you will be notified via email

Create a new TheFork API key

1. Login to The Fork Developer Dashboard with your credentials
2. Create the new key by clicking the “CREATE API CREDENTIAL” button
3. Save the key value on your side

TheFork to POS

On your side you have to generate a secret token (later referred as oauthClientSecret), used as Bearer token for all the calls that we will perform to the POS system. We also specify the restaurant identifier as context of the operation using the header field CustomerId.

All API calls made by TheFork to the POS will contain the following headers:

{
    "Content-Type": "application/json",
    "Authorization": "Bearer ${oauthClientSecret}",
    "CustomerId": "849cc863-4409-4e2e-b437-9e0567b06528"
}

Auth0 flow

In order to access the B2B API, we will send you through a safe channel a client_id and client_secret. These 2 data will be used to call our endpoint https://auth.thefork.io/oauth/token in order to generate a new access_token (available in the response), needed to call our API endpoints. The following example shows the call parameters:

curl -X POST \
 https://auth.thefork.io/oauth/token \
    -d 'audience=https://api.thefork.io&grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET'

note

This token expires after 8600 seconds. When it does, repeat this process to get a new token.

warning

Please do not request a new token if the previous is not expired as it will overload the system with unused tokens

In order to call the API endpoints, please insert your access_token into the headers of your request as follows:

curl https://api.thefork.io/manager/{version}/{path} \
    -H 'Authorization: Bearer <access_token>'

Testing environment

In order to test your implementation, we first need to create a test restaurant on our side, identified by a CustomerId value that we’ll send to you in order to link our restaurant instance to your POS instance, so when we open the order by calling your webhook (add the link), you know to whom the order belongs. This step will be managed internally by our staff and when you have completed the step to create your POS instance as described here (add the link), we’ll able to link the restaurant to the POS.