Skip to content

Bite API (v2)

Introduction

Overview

Bite exposes online ordering functionality through a REST API which third party developers can use to create applications on top of the Bite platform.

Bite Nomenclature

Customers

A Bite "Customer" represents a full end-user account created on Bite's platform. Customers can be created with a Bite password or can be authenticated against a Single Sign-On provider such as Paytronix or Punchh. Bite Customers have the following features:

  • A single set of credentials could be used to create completely different accounts under different brands that Bite works with.
  • Storing credit cards on file so that they could be used for future purchases.
  • Access to the customer's favorite ordered items and recent order history.
  • Storing delivery addresses on file for future purchases.

After creating or authenticating a Bite Customer through the API, a unique authentication token will be returned which can be used to refer to that user from that moment on without the need to store their password in your application.

Usage Basics

Environments

A dedicated sandbox environment will be provisioned for each new third-party developer. All development and testing must be carried out through that environment. It will include both an API sandbox as well as Admin Portal sandbox so that test locations could be modified by the developers for the purposes of testing their integration with Bite. The Sandbox environment runs the same code as production. https://YOUR_SANDBOX_SUB_DOMAIN.getbite.com/api

The production environment endpoint is: [REDACTED]

All communication must be encrypted over TLS 1.2

Request/Response Basics

Headers and Status Codes

https://<environment_domain>/<API_version>/<resource>?[params]

  • Bite API expects both the request and the response bodies to encoded with JSON, so both the HTTP Accept and Content-Type headers should be set to application/json.
  • HTTP Status Codes will be returned as follows:
    • 200 OK - The requested operation completed successfully!
    • 400 Bad Request - An error occurred on the Bite side or on the POS side. Please reference the response body's "code" value in the Bite Error Codes documentation.
    • 403 Forbidden - Invalid API credentials or insufficient access to a resource or operation.
    • 500 Server Error - An unexpected error occurred. Please verify that your request is correctly formatted.
  • Every API call must include the following headers:
    Header
    		DescriptionExample
    x-md-api-versionMust be set to 4x-md-api-version: 4
    x-bite-org-idMust be set to the brand id that you are working with. This value will be provided along with the sandbox environment.x-bite-org-id: 5fa31dc97acd2f0031e023eb
    x-customer-app-scopeMust be set to the brand's account scope. This value will be provided along with the sandbox environment.x-customer-app-scope: my-brand-scope
    AuthorizationMust be set to Bearer: API_TOKEN. The API_TOKEN will be provided along with the sandbox environment.Authorization: Bearer 2979c798-c901-4ceb-8478-3b26c24a998d
    User-AgentUnique user agent value that identifies the app. Please send this formatted as application_name/version.User-Agent: SomeApp/v1.2.3
    X-Device-IdUnique hardware identifier for the device.X-Device-Id: 993e0082-5bfd-4bbc-98ec-d13b50bbd54a

Response Structure

A success response structure will look as follows:

{
  success: true;
  data?: {...};
}

An error response structure will look as follows:

{
  success: false;
  code: number;
  message?: string;
  data?: {...};
}

Bite Error Codes

Any error response will contain an error code:

CodeMeaningSuggested Action
60Customer Password Already Used: The customer is trying to use a password they have previously used.
61Customer Token Invalid: The token has been malformed or has expired.Maybe the customer needs to log out and log in again because they've changed their password.
62Customer Account Not Verified: The customer resource being accessed requires a verified customer account.
63Customer Account Disabled: The specified customer account has been disabled by one of the brand admins.
64Customer Account Deleted: The specified customer account has been deleted by one of the brand admins.

Versioning and Compatibility

Please treat all IDs in the API as strings.

We will not remove properties from the current API version, but we do add new properties to return objects from time to time.

There is no guaranteed ordering of properties. We request that properties are accessed by name and not by index.

Please do not rely on error messages for logic. Error text may change periodically. Rather rely on error codes, which are guaranteed to not change.

Rate Limiting

Some API endpoints are protected through the use of rate limiting. The base rate limit can be found in the description of the API endpoint.

Information about the current usage can be found in the headers of the response:

  • Ratelimit-Limit: The amount of requests permitted
  • Ratelimit-Remaining: How many requests can be made in the interval
  • Ratelimit-Reset: How long, in seconds, until the rate-limit interval ends and the remaining amount of requests resets

The rate limit maximum is adjusted by the number of locations associated with the token. For example, if an API has a base rate limit of 50 requests per minute, then an organization with 10 locations may use the API endpoint 500 times per minute.

Changelog

2026-02-24

  • Updated definitions of openingHoursByFulfillmentMethod

2025-07-23

  • Updated security for Bite API Token based requests

2024-08-29

  • Added consentedToMarketing field to order

2024-01-22

  • Added section to ordered item schema

2024-01-03

  • More details regarding rate limiting

2023-11-07

  • Deprecated: POST /api/v2/reporting/orders/day
  • New Endpoint: GET /api/v2/reporting/orders/day/:date

2022-12-19

  • Updated rate limits of API calls
  • Reversed order of change log

2022-10-25

  • New endpoints:
    • POST /api/v2/reporting/orders/day
    • GET /api/v2/locations
  • Rate Limiting

2021-10-19

  • First Draft
Download OpenAPI description
bite-api-v2.json
bite-api-v2.yaml
Languages
Servers
Mock server
https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2
Sandbox
https://{sandboxApiSubDomain}.getbite.com/api

Account Management

Customer account signup/login and other CRUD operations.

Operations

Sign Up for a Customer Account

Request

Creates a new customer account that can be used for storing payment methods, delivery addresses and past orders.

Security
ApiKeySecurityScheme and CustomerAppScopeSecurityScheme
Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

x-bite-order-channelstring(OrderChannel)required

The order channel you are working with.

Enum"catering""flash""kiosk""linebuster""web"
Bodyapplication/jsonrequired
emailstring(email)(PropertyEmail)required

The email addressed used when the customer signed up for an account. Must a valid RFC email address.

passwordstring(password)required

Password to be used to log into the customer account.

firstNamestring(PropertyFirstName)required

The customer's first name.

lastNamestring(PropertyLastName)required

The customer's last name.

phoneNumberstring(PropertyPhoneNumber)

The customer's phone number. Must be a valid phone number under the North American Numbering Plan. Must be formatted as a string of 10 digits.

orderIdstring

The id of the order that was just placed by an anonymous guest. If specified, the new customer account will save this order to its order history.

curl -i -X POST \
  https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/customer/signup \
  -H 'Content-Type: application/json' \
  -H 'x-bite-order-channel: catering' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-customer-app-scope: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4' \
  -d '{
    "email": "user@example.com",
    "password": "pa$$word",
    "firstName": "string",
    "lastName": "string",
    "phoneNumber": "string",
    "orderId": "string"
  }'

Responses

Success!

Bodyapplication/json
messagestringrequired

A message informing the customer about any next steps, such as having to check their email in order to verify their account.

Response
application/json
{
  "message": "string"
}

Log In to a Customer Account

Request

Logs into an existing customer account.

Security
ApiKeySecurityScheme and CustomerAppScopeSecurityScheme
Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

x-bite-order-channelstring(OrderChannel)required

The order channel you are working with.

Enum"catering""flash""kiosk""linebuster""web"
Bodyapplication/jsonrequired
emailstring(PropertyFirstName)required

The customer's first name.

passwordstring(password)required

The password associated with the customer's account.

curl -i -X POST \
  https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/customer/login \
  -H 'Content-Type: application/json' \
  -H 'x-bite-order-channel: catering' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-customer-app-scope: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4' \
  -d '{
    "email": "string",
    "password": "pa$$word"
  }'

Responses

Success!

Bodyapplication/json
tokenstringrequired

The auth token that will be used to authenticate the customer going forward as part of the CustomerTokenSecurityScheme.

customerobject(Customer)required
customer.​_idstringrequired

Customer ID

customer.​stateinteger(int32)required

The state of the customer account:

  • 0 - Unverified
  • 1 - Enabled
  • 2 - Disabled
  • 3 - Deleted
customer.​emailstring(email)(PropertyEmail)required

The email addressed used when the customer signed up for an account. Must a valid RFC email address.

customer.​scopestringrequired

The brand's account scope.

Example: "my-brand-scope"
customer.​firstNamestring(PropertyFirstName)required

The customer's first name.

customer.​lastNamestring(PropertyLastName)required

The customer's last name.

customer.​phoneNumberstring(PropertyPhoneNumber)

The customer's phone number. Must be a valid phone number under the North American Numbering Plan. Must be formatted as a string of 10 digits.

Response
application/json
{
  "token": "string",
  "customer": {
    "_id": "string",
    "state": 0,
    "email": "user@example.com",
    "scope": "my-brand-scope",
    "firstName": "string",
    "lastName": "string",
    "phoneNumber": "string"
  }
}

Reset Password

Request

Reset password for an existing customer account identified by the email address. If the customer account is found, an reset password email will be sent so that the user can finish the password reset process. The response from the API is the same regardless of whether the account was found.

Security
ApiKeySecurityScheme and CustomerAppScopeSecurityScheme
Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

x-bite-order-channelstring(OrderChannel)required

The order channel you are working with.

Enum"catering""flash""kiosk""linebuster""web"
Bodyapplication/jsonrequired
emailstring(email)(PropertyEmail)required

The email addressed used when the customer signed up for an account. Must a valid RFC email address.

curl -i -X POST \
  https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/customer/reset-password \
  -H 'Content-Type: application/json' \
  -H 'x-bite-order-channel: catering' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-customer-app-scope: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4' \
  -d '{
    "email": "user@example.com"
  }'

Responses

Success!

Bodyapplication/json
messagestringrequired

A message informing the customer about any next steps, such as having to check their email in order to finish the password reset process.

Response
application/json
{
  "message": "string"
}

Delivery Addresses

Management of saved delivery addresses on the customer account.

Operations

Order History

Past orders associated with the customer account.

Operations

Payment Methods

Management of saved payment methods on the customer account.

Operations

Push Tokens

Save mobile app push notification tokens on the customer account.

Operations

Pick a Location

Endpoints for picking a location from which to order.

Operations

Orders

Endpoints for ordering actions

Operations

Mobile App Config

Endpoints for getting the config bundle of a mobile app

Operations

Reporting

Endpoints for generating reports

Operations

Webhooks

Webhooks can be used to notify non-Bite systems of events happening at Bite. They can be configured by Bite employees at the organization level. They use pre-defined location groups to determine which locations the webhooks are active at.

Operations

Embedding Bite in a 3rd Party Mobile App