Skip to main content
POST
/
auth
Generate access token
curl --request POST \
  --url https://integrations.clopos.com/open-api/auth \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "your_client_id",
  "client_secret": "your_client_secret",
  "brand": "your_brand",
  "venue_id": "your_venue_id"
}
'
{
  "token": "at_live_1234567890abcdef1234567890abcdef",
  "expires_in": 3600
}

Purpose

Exchange your client credentials for a short-lived access token that authorizes all other API requests.

HTTP Request

POST https://integrations.clopos.com/open-api/auth

Request Example

curl --location "https://integrations.clopos.com/open-api/auth" \
  -H "Content-Type: application/json" \
  -d '{
        "client_id": "your_client_id",
        "client_secret": "your_client_secret",
        "brand": "your_brand",
        "venue_id": "your_venue_id"
      }'

Response

200 OK — Token issued

{
  "success": true,
  "token": "oauth_ZH5YQZp1mN987w0fI6HfONisbrF1GX3wujdjIQRT4Eo7rSq7ZbE0GfGyjIw0vOUP",
  "token_type": "Bearer",
  "expires_in": 3600
}

401 Unauthorized — Invalid credentials

{
  "success": false,
  "error": "authentication_failed",
  "message": "Invalid credentials"
}

Required Headers for Subsequent Requests

After retrieving the token, include these headers on every call (except /auth): 
x-token: oauth_ZH5YQZp1mN987w0fI6HfONisbrF1GX3wujdjIQRT4Eo7rSq7ZbE0GfGyjIw0vOUP
x-brand: openapitest
x-venue: 1
HeaderDescription
x-tokenAccess token returned by this endpoint.
x-brandBrand identifier you are operating against.
x-venueVenue identifier for the location you manage.

Notes

  • Tokens expire after expires_in seconds (default: 3600). Refresh them proactively to avoid downtime.
  • Requests to /auth do not require authentication headers; all other endpoints do.
  • If you exceed rate limits or enter invalid credentials repeatedly, the endpoint may temporarily lock further attempts.
  • Store secrets securely and rotate credentials according to your security policies.

Body

application/json

API credentials

client_id
string
required

Your client ID

Example:

"eNUKI04aYJRU6TBhh5bwUrvmEORgQoxM"

client_secret
string
required

Your client secret

Example:

"dqYkWUpDjzvKOgbP3ar8tSNKJbwMyYe1V5R7DHClfSNYkap5C5XxRA6PmzoPv1I2"

brand
string
required

Brand identifier

Example:

"openapitest"

venue_id
string
required

Venue identifier

Example:

"1"

Response

Token generated successfully

token
string

Access token for API requests

Example:

"at_live_1234567890abcdef1234567890abcdef"

expires_in
integer

Token expiration time in seconds

Example:

3600