Skip to content

Bite API (v2)

Introduction

Overview

Bite exposes online ordering functionality through a REST API which third party developers can use to create applications on top of the Bite platform.

Bite Nomenclature

Customers

A Bite "Customer" represents a full end-user account created on Bite's platform. Customers can be created with a Bite password or can be authenticated against a Single Sign-On provider such as Paytronix or Punchh. Bite Customers have the following features:

  • A single set of credentials could be used to create completely different accounts under different brands that Bite works with.
  • Storing credit cards on file so that they could be used for future purchases.
  • Access to the customer's favorite ordered items and recent order history.
  • Storing delivery addresses on file for future purchases.

After creating or authenticating a Bite Customer through the API, a unique authentication token will be returned which can be used to refer to that user from that moment on without the need to store their password in your application.

Usage Basics

Environments

A dedicated sandbox environment will be provisioned for each new third-party developer. All development and testing must be carried out through that environment. It will include both an API sandbox as well as Admin Portal sandbox so that test locations could be modified by the developers for the purposes of testing their integration with Bite. The Sandbox environment runs the same code as production. https://YOUR_SANDBOX_SUB_DOMAIN.getbite.com/api

The production environment endpoint is: [REDACTED]

All communication must be encrypted over TLS 1.2

Request/Response Basics

Headers and Status Codes

https://<environment_domain>/<API_version>/<resource>?[params]

  • Bite API expects both the request and the response bodies to encoded with JSON, so both the HTTP Accept and Content-Type headers should be set to application/json.
  • HTTP Status Codes will be returned as follows:
    • 200 OK - The requested operation completed successfully!
    • 400 Bad Request - An error occurred on the Bite side or on the POS side. Please reference the response body's "code" value in the Bite Error Codes documentation.
    • 403 Forbidden - Invalid API credentials or insufficient access to a resource or operation.
    • 500 Server Error - An unexpected error occurred. Please verify that your request is correctly formatted.
  • Every API call must include the following headers:
    Header
    		DescriptionExample
    x-md-api-versionMust be set to 4x-md-api-version: 4
    x-bite-org-idMust be set to the brand id that you are working with. This value will be provided along with the sandbox environment.x-bite-org-id: 5fa31dc97acd2f0031e023eb
    x-customer-app-scopeMust be set to the brand's account scope. This value will be provided along with the sandbox environment.x-customer-app-scope: my-brand-scope
    AuthorizationMust be set to Bearer: API_TOKEN. The API_TOKEN will be provided along with the sandbox environment.Authorization: Bearer 2979c798-c901-4ceb-8478-3b26c24a998d
    User-AgentUnique user agent value that identifies the app. Please send this formatted as application_name/version.User-Agent: SomeApp/v1.2.3
    X-Device-IdUnique hardware identifier for the device.X-Device-Id: 993e0082-5bfd-4bbc-98ec-d13b50bbd54a

Response Structure

A success response structure will look as follows:

{
  success: true;
  data?: {...};
}

An error response structure will look as follows:

{
  success: false;
  code: number;
  message?: string;
  data?: {...};
}

Bite Error Codes

Any error response will contain an error code:

CodeMeaningSuggested Action
60Customer Password Already Used: The customer is trying to use a password they have previously used.
61Customer Token Invalid: The token has been malformed or has expired.Maybe the customer needs to log out and log in again because they've changed their password.
62Customer Account Not Verified: The customer resource being accessed requires a verified customer account.
63Customer Account Disabled: The specified customer account has been disabled by one of the brand admins.
64Customer Account Deleted: The specified customer account has been deleted by one of the brand admins.

Versioning and Compatibility

Please treat all IDs in the API as strings.

We will not remove properties from the current API version, but we do add new properties to return objects from time to time.

There is no guaranteed ordering of properties. We request that properties are accessed by name and not by index.

Please do not rely on error messages for logic. Error text may change periodically. Rather rely on error codes, which are guaranteed to not change.

Rate Limiting

Some API endpoints are protected through the use of rate limiting. The base rate limit can be found in the description of the API endpoint.

Information about the current usage can be found in the headers of the response:

  • Ratelimit-Limit: The amount of requests permitted
  • Ratelimit-Remaining: How many requests can be made in the interval
  • Ratelimit-Reset: How long, in seconds, until the rate-limit interval ends and the remaining amount of requests resets

The rate limit maximum is adjusted by the number of locations associated with the token. For example, if an API has a base rate limit of 50 requests per minute, then an organization with 10 locations may use the API endpoint 500 times per minute.

Changelog

2026-02-24

  • Updated definitions of openingHoursByFulfillmentMethod

2025-07-23

  • Updated security for Bite API Token based requests

2024-08-29

  • Added consentedToMarketing field to order

2024-01-22

  • Added section to ordered item schema

2024-01-03

  • More details regarding rate limiting

2023-11-07

  • Deprecated: POST /api/v2/reporting/orders/day
  • New Endpoint: GET /api/v2/reporting/orders/day/:date

2022-12-19

  • Updated rate limits of API calls
  • Reversed order of change log

2022-10-25

  • New endpoints:
    • POST /api/v2/reporting/orders/day
    • GET /api/v2/locations
  • Rate Limiting

2021-10-19

  • First Draft
Download OpenAPI description
bite-api-v2.json
bite-api-v2.yaml
Languages
Servers
Mock server
https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2
Sandbox
https://{sandboxApiSubDomain}.getbite.com/api

Account Management

Customer account signup/login and other CRUD operations.

Operations

Delivery Addresses

Management of saved delivery addresses on the customer account.

Operations

Order History

Past orders associated with the customer account.

Operations

Payment Methods

Management of saved payment methods on the customer account.

Operations

Get Payment Methods

Request

Returns the latest copy of all the saved payment methods associated with the customer's account.

Security
ApiKeySecurityScheme and CustomerAppScopeSecurityScheme and CustomerTokenSecurityScheme
Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

x-bite-order-channelstring(OrderChannel)required

The order channel you are working with.

Enum"catering""flash""kiosk""linebuster""web"
curl -i -X GET \
  https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/customer/payment-methods \
  -H 'x-bite-order-channel: catering' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-customer-app-scope: YOUR_API_KEY_HERE' \
  -H 'x-customer-token: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4'

Responses

Success!

Bodyapplication/json
paymentMethodsArray of objects(CustomerPaymentMethod)required
paymentMethods[].​_idstringrequired

ID of the object

paymentMethods[].​last4stringrequired

Last 4 digits of the card on file

paymentMethods[].​expirationMonthinteger[ 0 .. 12 ]required
paymentMethods[].​expirationYearinteger[ 20 .. 50 ]required
paymentMethods[].​postalCodestring

The postal code of the card's billing address.

paymentMethods[].​cardSchemeIdinteger(int32)(CardSchemeId)required

Card brand:

  • 0 - Other
  • 1 - Visa
  • 2 - MasterCard
  • 3 - Maestro
  • 4 - AmEx
  • 5 - JCB
  • 6 - Diners
  • 7 - Discover
  • 12 - ChinaUnionPay
  • 1240 - Debit
  • 1241 - Interac
  • 10001 - SquareGiftCard
  • 10002 - SquareEftPos
  • 67101 - TCC
  • 67102 - LevelUpDiscount
  • 67103 - LevelUpGiftCard
  • 67104 - LevelUpCreditCard
  • 67105 - Givex
  • 67106 - Atrium
  • 67107 - Archer
  • 67108 - PinataStoredValue
  • 67109 - Valutec
  • 67110 - PaytronixGiftCard
  • 67111 - OLOGiftCard
  • 67112 - WorldpayGiftCard
  • 67113 - FreedomPayGiftCard
  • 67114 - EigenGiftCard
  • 67115 - ChoptDiscount
  • 67116 - ChoptGiftCard
  • 67117 - ChoptCreditCard
paymentMethods[].​nicknamestring(customer-payment-method_PropertyNickname)

The nickname for the saved payment method

paymentMethods[].​isDefaultboolean(PropertyIsDefault)

If this value is true, then no other delivery address associated with this customer account will be marked as isDefault=true.

Response
application/json
{
  "paymentMethods": [
    { … }
  ]
}

Update a Payment Method

Request

Update some simple fields on the specified payment method.

Security
ApiKeySecurityScheme and CustomerAppScopeSecurityScheme and CustomerTokenSecurityScheme
Path
paymentMethodIdstringrequired

The ID of the payment method that's being worked on.

Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

x-bite-order-channelstring(OrderChannel)required

The order channel you are working with.

Enum"catering""flash""kiosk""linebuster""web"
Bodyapplication/jsonrequired
nicknamestring(customer-payment-method_PropertyNickname)

The nickname for the saved payment method

isDefaultboolean

If this value is set to true, then the previously default payment method on this customer's account will no longer be default.

curl -i -X PUT \
  'https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/customer/payment-methods/{paymentMethodId}' \
  -H 'Content-Type: application/json' \
  -H 'x-bite-order-channel: catering' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-customer-app-scope: YOUR_API_KEY_HERE' \
  -H 'x-customer-token: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4' \
  -d '{
    "nickname": "string",
    "isDefault": true
  }'

Responses

Success!

Bodyapplication/json
paymentMethodobject(CustomerPaymentMethod)required
paymentMethod.​_idstringrequired

ID of the object

paymentMethod.​last4stringrequired

Last 4 digits of the card on file

paymentMethod.​expirationMonthinteger[ 0 .. 12 ]required
paymentMethod.​expirationYearinteger[ 20 .. 50 ]required
paymentMethod.​postalCodestring

The postal code of the card's billing address.

paymentMethod.​cardSchemeIdinteger(int32)(CardSchemeId)required

Card brand:

  • 0 - Other
  • 1 - Visa
  • 2 - MasterCard
  • 3 - Maestro
  • 4 - AmEx
  • 5 - JCB
  • 6 - Diners
  • 7 - Discover
  • 12 - ChinaUnionPay
  • 1240 - Debit
  • 1241 - Interac
  • 10001 - SquareGiftCard
  • 10002 - SquareEftPos
  • 67101 - TCC
  • 67102 - LevelUpDiscount
  • 67103 - LevelUpGiftCard
  • 67104 - LevelUpCreditCard
  • 67105 - Givex
  • 67106 - Atrium
  • 67107 - Archer
  • 67108 - PinataStoredValue
  • 67109 - Valutec
  • 67110 - PaytronixGiftCard
  • 67111 - OLOGiftCard
  • 67112 - WorldpayGiftCard
  • 67113 - FreedomPayGiftCard
  • 67114 - EigenGiftCard
  • 67115 - ChoptDiscount
  • 67116 - ChoptGiftCard
  • 67117 - ChoptCreditCard
paymentMethod.​nicknamestring(customer-payment-method_PropertyNickname)

The nickname for the saved payment method

paymentMethod.​isDefaultboolean(PropertyIsDefault)

If this value is true, then no other delivery address associated with this customer account will be marked as isDefault=true.

Response
application/json
{
  "paymentMethod": {
    "_id": "string",
    "last4": "string",
    "expirationMonth": 12,
    "expirationYear": 20,
    "postalCode": "string",
    "cardSchemeId": 0,
    "nickname": "string",
    "isDefault": true
  }
}

Delete a Payment Method

Request

Deletes the specified payment method from the customer's account.

Security
ApiKeySecurityScheme and CustomerAppScopeSecurityScheme and CustomerTokenSecurityScheme
Path
paymentMethodIdstringrequired

The ID of the payment method that's being worked on.

Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

x-bite-order-channelstring(OrderChannel)required

The order channel you are working with.

Enum"catering""flash""kiosk""linebuster""web"
curl -i -X DELETE \
  'https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/customer/payment-methods/{paymentMethodId}' \
  -H 'x-bite-order-channel: catering' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-customer-app-scope: YOUR_API_KEY_HERE' \
  -H 'x-customer-token: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4'

Responses

Success!

Push Tokens

Save mobile app push notification tokens on the customer account.

Operations

Pick a Location

Endpoints for picking a location from which to order.

Operations

Orders

Endpoints for ordering actions

Operations

Mobile App Config

Endpoints for getting the config bundle of a mobile app

Operations

Reporting

Endpoints for generating reports

Operations

Webhooks

Webhooks can be used to notify non-Bite systems of events happening at Bite. They can be configured by Bite employees at the organization level. They use pre-defined location groups to determine which locations the webhooks are active at.

Operations

Embedding Bite in a 3rd Party Mobile App