Customer account signup/login and other CRUD operations.
Bite API (v2)
Overview
Bite exposes online ordering functionality through a REST API which third party developers can use to create applications on top of the Bite platform.
A Bite "Customer" represents a full end-user account created on Bite's platform. Customers can be created with a Bite password or can be authenticated against a Single Sign-On provider such as Paytronix or Punchh. Bite Customers have the following features:
- A single set of credentials could be used to create completely different accounts under different brands that Bite works with.
- Storing credit cards on file so that they could be used for future purchases.
- Access to the customer's favorite ordered items and recent order history.
- Storing delivery addresses on file for future purchases.
After creating or authenticating a Bite Customer through the API, a unique authentication token will be returned which can be used to refer to that user from that moment on without the need to store their password in your application.
A dedicated sandbox environment will be provisioned for each new third-party developer. All development and testing must be carried out through that environment. It will include both an API sandbox as well as Admin Portal sandbox so that test locations could be modified by the developers for the purposes of testing their integration with Bite. The Sandbox environment runs the same code as production. https://YOUR_SANDBOX_SUB_DOMAIN.getbite.com/api
The production environment endpoint is: [REDACTED]
All communication must be encrypted over TLS 1.2
https://<environment_domain>/<API_version>/<resource>?[params]
- Bite API expects both the request and the response bodies to encoded with JSON, so both the HTTP Accept and Content-Type headers should be set to application/json.
- HTTP Status Codes will be returned as follows:
- 200 OK - The requested operation completed successfully!
- 400 Bad Request - An error occurred on the Bite side or on the POS side. Please reference the response body's "code" value in the Bite Error Codes documentation.
- 403 Forbidden - Invalid API credentials or insufficient access to a resource or operation.
- 500 Server Error - An unexpected error occurred. Please verify that your request is correctly formatted.
- Every API call must include the following headers:Header
Description Example x-md-api-version Must be set to 4 x-md-api-version: 4 x-bite-org-id Must be set to the brand id that you are working with. This value will be provided along with the sandbox environment. x-bite-org-id: 5fa31dc97acd2f0031e023eb x-customer-app-scope Must be set to the brand's account scope. This value will be provided along with the sandbox environment. x-customer-app-scope: my-brand-scope Authorization Must be set to Bearer: API_TOKEN. The API_TOKEN will be provided along with the sandbox environment. Authorization: Bearer 2979c798-c901-4ceb-8478-3b26c24a998d User-Agent Unique user agent value that identifies the app. Please send this formatted as application_name/version. User-Agent: SomeApp/v1.2.3 X-Device-Id Unique hardware identifier for the device. X-Device-Id: 993e0082-5bfd-4bbc-98ec-d13b50bbd54a
A success response structure will look as follows:
{
success: true;
data?: {...};
}An error response structure will look as follows:
{
success: false;
code: number;
message?: string;
data?: {...};
}Any error response will contain an error code:
| Code | Meaning | Suggested Action |
|---|---|---|
| 60 | Customer Password Already Used: The customer is trying to use a password they have previously used. | |
| 61 | Customer Token Invalid: The token has been malformed or has expired. | Maybe the customer needs to log out and log in again because they've changed their password. |
| 62 | Customer Account Not Verified: The customer resource being accessed requires a verified customer account. | |
| 63 | Customer Account Disabled: The specified customer account has been disabled by one of the brand admins. | |
| 64 | Customer Account Deleted: The specified customer account has been deleted by one of the brand admins. |
Please treat all IDs in the API as strings.
We will not remove properties from the current API version, but we do add new properties to return objects from time to time.
There is no guaranteed ordering of properties. We request that properties are accessed by name and not by index.
Please do not rely on error messages for logic. Error text may change periodically. Rather rely on error codes, which are guaranteed to not change.
Some API endpoints are protected through the use of rate limiting. The base rate limit can be found in the description of the API endpoint.
Information about the current usage can be found in the headers of the response:
- Ratelimit-Limit: The amount of requests permitted
- Ratelimit-Remaining: How many requests can be made in the interval
- Ratelimit-Reset: How long, in seconds, until the rate-limit interval ends and the remaining amount of requests resets
The rate limit maximum is adjusted by the number of locations associated with the token. For example, if an API has a base rate limit of 50 requests per minute, then an organization with 10 locations may use the API endpoint 500 times per minute.
2026-02-24
- Updated definitions of openingHoursByFulfillmentMethod
2025-07-23
- Updated security for Bite API Token based requests
2024-08-29
- Added
consentedToMarketingfield to order
2024-01-22
- Added section to ordered item schema
2024-01-03
- More details regarding rate limiting
2023-11-07
- Deprecated:
POST /api/v2/reporting/orders/day - New Endpoint:
GET /api/v2/reporting/orders/day/:date
2022-12-19
- Updated rate limits of API calls
- Reversed order of change log
2022-10-25
- New endpoints:
- POST /api/v2/reporting/orders/day
- GET /api/v2/locations
- Rate Limiting
2021-10-19
- First Draft
Download OpenAPI description
Languages
Servers
Mock server
https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2
Sandbox
https://{sandboxApiSubDomain}.getbite.com/api
Security
ApiKeySecurityScheme and CustomerAppScopeSecurityScheme and CustomerTokenSecurityScheme
- Mock serverhttps://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/customer/orders
- Sandboxhttps://YOUR_SANDBOX_SUB_DOMAIN.getbite.com/api/v2/customer/orders
- curl
- Node.js
- JavaScript
curl -i -X GET \
https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/customer/orders \
-H 'x-bite-order-channel: catering' \
-H 'x-bite-org-id: string' \
-H 'x-bite-public-key: YOUR_API_KEY_HERE' \
-H 'x-customer-app-scope: YOUR_API_KEY_HERE' \
-H 'x-customer-token: YOUR_API_KEY_HERE' \
-H 'x-md-api-version: 4'Success!
ID of the order (provided by the client). Used to achieve idempotency.
The ID of the location (in the specified org) at which the customer placed the order.
The Unix timestamp for when the order was started on the client.
Length of the guest session duration from the start of their ordering experience. This should be measured in milliseconds.
The ID of the menu structure that was presented to the guest.
Denotes languages supported by the Bite platform.
en-us- English (USA)fr-ca- French (Canada)es-us- Spanish (USA)zh-cn- Chinese (Simplified, PRC)ja-jp- Japanese (Japan)ko-kr- Korean (South Korea)pt-br- Portuguese (Brazil)ko-kr- Korean (South Korea)
Enum"en-us""fr-ca""es-us""zh-cn""ja-jp""ko-kr""pt-br"
ID of the customer (if they were logged in) who placed the order. Only available for non-kiosk orders.
True if the guest explicitly opted out of facial recognition on the kiosk.
Denotes the ordering channel through which orders are placed:
catering- Catering Websiteflash- Contactless (QR-code)kiosk- Kiosklinebuster- Linebusterweb- Online Ordering Website
Enum"catering""flash""kiosk""linebuster""web"
The fulfillment method for this order.
- Web only:
20- In-Store Pickup21- Dine In22- Curbside Pickup23- Outpost24- Delivery
- Catering only:
30- In-Store Pickup31- Dine In32- Curbside Pickup33- Outpost34- Delivery
The Unix timestamp for the ready time of a future order. ASAP orders will not have this property. If this is a pickup order, then this will denote the time by which the order is ready to be picked up from the store. If this is a delivery order, then this will denote the time by which the order should be delivered.
The delivery address for this order. This value is required if this is a delivery address.
A short string with delivery instructions.
The vehicle to which a curbside order could be delivered to.
Number of the table or table tent that the order is associated with.
The description of the outpost that this order was delivered to for the guest to pick up. This field will be present if fulfillmentMethod is an outpost one.
This field will be present if the location is configured to ask the guest whether they want utensils to be included with their order. This information will then be conveyed to the POS.
Order Payment Destination:
- Kiosk only:
1- Paid with card(s) on the kiosk3- Paid at the cashier
Name of the menu item as it appeared on the menu.
Value of the barcode that was scanned at the kiosk to add this menu item to the order.
The menu section section from which this menu item was ordered.
A special request that the guest added for this menu item. The max length of this field depends on the specific POS.
Name of the screen from which this menu item was added to the order if it was a recommendation.
The price option of the menu item that was ordered.
ID of the ordered price option.
Name of the price option as it appeared on the menu
orders[].​orderedItems[].​priceOption.​quantityinteger(int32)(OrderedPriceOptionQuantity)>= 1required
Quantity of the menu item ordered.
Sale unit:
0- single unit2- pounds3- ounces
orders[].​orderedItems[].​priceOption.​unitPriceinteger(int32)(OrderedPriceOptionUnitPrice)required
Price of a single unit of the menu item in cents (given the ordered price option).
Final price of the item (in cents) that accounts for quantity but not including any priced modifiers.
The comma separated PLUs of the menu item's price option that can be converted to a barcode (e.g. UPC-A).
The amount discounted from the order sub total in cents.
The amount of tax collected on the order in cents.
The sum of all the service charges added to the order in cents.
A list of all the service charges added to the order. If this property is available, then serviceChargeTotal is definitely available on the order. However, this property may not be available even if there is a serviceChargeTotal because not every POS will provide a breakdown of the service charges.
The total amount that the guest paid in cents. This number includes the tip.
The location's unique 4-letter short code.
The location's unique slug that's used in the location's web ordering url.
The location's unique ID in a third-party system. Only available if the value is set in Bite Admin.
The location's phone number, formatted as a 10-digit string.
The location's geo-coordinates (long, lat).
The location's full physical address.
Two-letter abbreviation for the state or province.
orders[].​location.​availableDiningOptionsArray of objects(AvailableDiningOptionsProperty)non-emptyrequired
A list of enabled dining options with associated opening hours for each one.
orders[].​location.​availableDiningOptions[].​fulfillmentMethodinteger(int32)(fulfillment-method_FulfillmentMethod)required
Fulfillment Method:
- Web only:
20- In-Store Pickup21- Dine In22- Curbside Pickup23- Outpost24- Delivery
- Catering only:
30- In-Store Pickup31- Dine In32- Curbside Pickup33- Outpost34- Delivery
True if ASAP orders can be placed at this location with this fulfillment method; false otherwise. If this is false, then futureOrdersEnabled has to be true.
True if future orders can be placed at this location with this fulfillment method; false otherwise. If this is false, then asapOrdersEnabled has to be true.
Opening hours for this dining option, broken down by day of the week.
Response
application/json
{ "orders": [ { … } ] }