RETM | REST API

    Authentication

    Authentication and Restaurant Access

    RETM APIs employ OAuth 2.0 with the client-credentials grant type to safeguard access to sensitive resources. This ensures that only authorized applications can interact with protected data. To access these resources, include a valid OAuth 2.0 bearer authentication token within the Authorization header of your HTTP requests.

    Understanding Authentication Tokens

    What they are: Authentication tokens are encoded text strings that serve as proof of authorization for your application.
    How to obtain them: To acquire a token, make a POST request to the /api/oAuth/token endpoint of the authentication API. Include your client ID and client secret within the request body.
    Validity period: Tokens have a finite lifespan, determined by the specific RETM API environment you're using. The authentication API's response will specify the token's expiration time.
    Renewing expired tokens: Upon expiration, you'll need to fetch a new token from the authentication API.

    Securing Your Credentials

    Importance of security: API credentials hold the keys to sensitive information; therefore, their secure storage is paramount.
    Compromised credentials: If your credentials are exposed, the RETM integrations team will swiftly deactivate them and issue new ones to maintain security.

    Best Practices for Credential Storage

    Do not store credentials in plain text: Avoid saving credentials in human-readable formats within code, configuration files, or logs.
    Utilize secure storage mechanisms: Employ encrypted storage or secrets management services to safeguard credentials.
    Minimize access: Restrict access to credentials to authorized personnel and processes only.
    Regularly review and update security measures: Stay vigilant and proactively address potential vulnerabilities.
    By adhering to these guidelines, you can effectively protect your RETM API credentials and ensure the confidentiality and integrity of sensitive data.
    Modified at 2023-12-24 22:47:16