Skip to main content

Preliminary steps


Managing credentials

Prior to utilizing our API endpoints, you must first get the essential credentials tailored to your needs. This entails acquiring an API key and send us a authentication Bearer token for POS API v1 and Partners API, while for B2B API an Auth0 credentials flow authentication is involved in the process.


API key / Bearer token flow

The API key is used for authorization purpose of our POS API v1 and Partners API. You must add its value as the X-Api-Key parameter within the header, like the following example:

API_KEY='Your API Key'

curl --request PUT \
--url https://api.thefork.io/pos/v1/orders/${ORDER_UUID} \
--header 'accept: application/json' \
--header "X-Api-Key: ${API_KEY}" \
--header 'content-type: application/json' \
--json '{.......}'

Obtain API key

To obtain your credentials, you can contact our integrations team at integrations [at] thefork.com. Please include your company name and a brief description of your use case to speed up the approval process.


Auth0 flow

In order to access the B2B API, we will send you through a safe channel a client_id and client_secret. These 2 data will be used to call our endpoint https://auth.thefork.io/oauth/token in order to generate a new access_token (available in the response), needed to call our API endpoints. The following example shows the call parameters:

curl -X POST \
 https://auth.thefork.io/oauth/token \
    -d 'audience=https://api.thefork.io&grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET'
note

This token expires after 8600 seconds. When it does, repeat this process to get a new token.

warning

Please do not request a new token if the previous is not expired as it will overload the system with unused tokens

In order to call the API endpoints, please insert your access_token into the headers of your request as follows:

curl https://api.thefork.io/manager/{version}/{path} \
    -H 'Authorization: Bearer <access_token>'