Skip to content

Bite API (v2)

Introduction

Overview

Bite exposes online ordering functionality through a REST API which third party developers can use to create applications on top of the Bite platform.

Bite Nomenclature

Customers

A Bite "Customer" represents a full end-user account created on Bite's platform. Customers can be created with a Bite password or can be authenticated against a Single Sign-On provider such as Paytronix or Punchh. Bite Customers have the following features:

  • A single set of credentials could be used to create completely different accounts under different brands that Bite works with.
  • Storing credit cards on file so that they could be used for future purchases.
  • Access to the customer's favorite ordered items and recent order history.
  • Storing delivery addresses on file for future purchases.

After creating or authenticating a Bite Customer through the API, a unique authentication token will be returned which can be used to refer to that user from that moment on without the need to store their password in your application.

Usage Basics

Environments

A dedicated sandbox environment will be provisioned for each new third-party developer. All development and testing must be carried out through that environment. It will include both an API sandbox as well as Admin Portal sandbox so that test locations could be modified by the developers for the purposes of testing their integration with Bite. The Sandbox environment runs the same code as production. https://YOUR_SANDBOX_SUB_DOMAIN.getbite.com/api

The production environment endpoint is: [REDACTED]

All communication must be encrypted over TLS 1.2

Request/Response Basics

Headers and Status Codes

https://<environment_domain>/<API_version>/<resource>?[params]

  • Bite API expects both the request and the response bodies to encoded with JSON, so both the HTTP Accept and Content-Type headers should be set to application/json.
  • HTTP Status Codes will be returned as follows:
    • 200 OK - The requested operation completed successfully!
    • 400 Bad Request - An error occurred on the Bite side or on the POS side. Please reference the response body's "code" value in the Bite Error Codes documentation.
    • 403 Forbidden - Invalid API credentials or insufficient access to a resource or operation.
    • 500 Server Error - An unexpected error occurred. Please verify that your request is correctly formatted.
  • Every API call must include the following headers:
    Header
    		DescriptionExample
    x-md-api-versionMust be set to 4x-md-api-version: 4
    x-bite-org-idMust be set to the brand id that you are working with. This value will be provided along with the sandbox environment.x-bite-org-id: 5fa31dc97acd2f0031e023eb
    x-customer-app-scopeMust be set to the brand's account scope. This value will be provided along with the sandbox environment.x-customer-app-scope: my-brand-scope
    AuthorizationMust be set to Bearer: API_TOKEN. The API_TOKEN will be provided along with the sandbox environment.Authorization: Bearer 2979c798-c901-4ceb-8478-3b26c24a998d
    User-AgentUnique user agent value that identifies the app. Please send this formatted as application_name/version.User-Agent: SomeApp/v1.2.3
    X-Device-IdUnique hardware identifier for the device.X-Device-Id: 993e0082-5bfd-4bbc-98ec-d13b50bbd54a

Response Structure

A success response structure will look as follows:

{
  success: true;
  data?: {...};
}

An error response structure will look as follows:

{
  success: false;
  code: number;
  message?: string;
  data?: {...};
}

Bite Error Codes

Any error response will contain an error code:

CodeMeaningSuggested Action
60Customer Password Already Used: The customer is trying to use a password they have previously used.
61Customer Token Invalid: The token has been malformed or has expired.Maybe the customer needs to log out and log in again because they've changed their password.
62Customer Account Not Verified: The customer resource being accessed requires a verified customer account.
63Customer Account Disabled: The specified customer account has been disabled by one of the brand admins.
64Customer Account Deleted: The specified customer account has been deleted by one of the brand admins.

Versioning and Compatibility

Please treat all IDs in the API as strings.

We will not remove properties from the current API version, but we do add new properties to return objects from time to time.

There is no guaranteed ordering of properties. We request that properties are accessed by name and not by index.

Please do not rely on error messages for logic. Error text may change periodically. Rather rely on error codes, which are guaranteed to not change.

Rate Limiting

Some API endpoints are protected through the use of rate limiting. The base rate limit can be found in the description of the API endpoint.

Information about the current usage can be found in the headers of the response:

  • Ratelimit-Limit: The amount of requests permitted
  • Ratelimit-Remaining: How many requests can be made in the interval
  • Ratelimit-Reset: How long, in seconds, until the rate-limit interval ends and the remaining amount of requests resets

The rate limit maximum is adjusted by the number of locations associated with the token. For example, if an API has a base rate limit of 50 requests per minute, then an organization with 10 locations may use the API endpoint 500 times per minute.

Changelog

2026-02-24

  • Updated definitions of openingHoursByFulfillmentMethod

2025-07-23

  • Updated security for Bite API Token based requests

2024-08-29

  • Added consentedToMarketing field to order

2024-01-22

  • Added section to ordered item schema

2024-01-03

  • More details regarding rate limiting

2023-11-07

  • Deprecated: POST /api/v2/reporting/orders/day
  • New Endpoint: GET /api/v2/reporting/orders/day/:date

2022-12-19

  • Updated rate limits of API calls
  • Reversed order of change log

2022-10-25

  • New endpoints:
    • POST /api/v2/reporting/orders/day
    • GET /api/v2/locations
  • Rate Limiting

2021-10-19

  • First Draft
Download OpenAPI description
bite-api-v2.json
bite-api-v2.yaml
Languages
Servers
Mock server
https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2
Sandbox
https://{sandboxApiSubDomain}.getbite.com/api

Account Management

Customer account signup/login and other CRUD operations.

Operations

Delivery Addresses

Management of saved delivery addresses on the customer account.

Operations

Order History

Past orders associated with the customer account.

Operations

Payment Methods

Management of saved payment methods on the customer account.

Operations

Push Tokens

Save mobile app push notification tokens on the customer account.

Operations

Pick a Location

Endpoints for picking a location from which to order.

Operations

Get All Locations

Request

Returns all the locations that are available to the bearer token. Requires an API token with the "Locations" or "Reporting" scope. The base rate limit of an organization with one location is 75 requests per 10 minutes.

Security
BearerAuthApiTokenSecurityScheme
Query
pageinteger(int32)>= 0
limitinteger(int32)[ 1 .. 50 ]
Headers
x-md-api-versionstringrequired
Value"4"
curl -i -X GET \
  'https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/locations?page=0&limit=1' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'x-md-api-version: 4'

Responses

Success!

Bodyapplication/json
successboolean
dataArray of objects
Response
application/json
{
  "success": true,
  "data": [
    { … }
  ]
}

Search Locations

Request

Returns all the locations that match the search query. If one of the fulfillment methods is delivery, then locations that won't deliver to the specified address will be filtered out of the search results. You must provide either the address or the lat/long parameters.

Security
ApiKeySecurityScheme
Query
fulfillmentMethodsArray of integers(int32)(fulfillment-method_FulfillmentMethod)non-emptyrequired

The user's chosen fulfillment methods for their order. Only locations that support one of these methods will be returned.

  • Web only:
    • 20 - In-Store Pickup
    • 21 - Dine In
    • 22 - Curbside Pickup
    • 23 - Outpost
    • 24 - Delivery
  • Catering only:
    • 30 - In-Store Pickup
    • 31 - Dine In
    • 32 - Curbside Pickup
    • 33 - Outpost
    • 34 - Delivery
latnumber(float)

The user's geo-coordinates (latitude). This will be used to find the closest store.

longnumber(float)

The user's geo-coordinates (longitude). This will be used to find the closest store.

addressstring

A Google Maps Places API-formatted address string. This will be used either to find the closest pickup store or as the delivery address, depending on the specified fulfillment method.

showDraftLocationsboolean

Set to true if you want to see draft locations in an otherwise live org. This should be only used for testing new locations in a non-prod environment or through a special flag activated on certain users' accounts.

pageinteger(int32)>= 0
limitinteger(int32)[ 1 .. 50 ]
Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

x-bite-order-channelstring(OrderChannel)required

The order channel you are working with.

Enum"catering""flash""kiosk""linebuster""web"
curl -i -X GET \
  'https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/locations/search?fulfillmentMethods=0&lat=0.1&long=0.1&address=string&showDraftLocations=true&page=0&limit=1' \
  -H 'x-bite-order-channel: catering' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4'

Responses

Success!

Bodyapplication/json
locationsArray of objectsrequired
locations[].​_idstring(PropertyId)required

The Bite ID of the location.

locations[].​namestring(PropertyName)required

Name of the location.

locations[].​shortCodestring(PropertyShortCode)= 4 charactersrequired

The location's unique 4-letter short code.

locations[].​urlSlugstring(PropertyUrlSlug)[ 4 .. 32 ] charactersrequired

The location's unique slug that's used in the location's web ordering url.

locations[].​thirdPartyIdstring(PropertyThirdPartyId)

The location's unique ID in a third-party system. Only available if the value is set in Bite Admin.

locations[].​phoneNumberstring(location_PropertyPhoneNumber)= 10 charactersrequired

The location's phone number, formatted as a 10-digit string.

locations[].​coordinatesArray of numbers(float)(PropertyCoordinates)= 2 itemsrequired

The location's geo-coordinates (long, lat).

locations[].​fullAddressobject(PropertyFullAddress)required

The location's full physical address.

locations[].​fullAddress.​line1stringrequired
locations[].​fullAddress.​line2string
locations[].​fullAddress.​crossStreetstring
locations[].​fullAddress.​citystringrequired
locations[].​fullAddress.​statestringrequired

Two-letter abbreviation for the state or province.

locations[].​fullAddress.​postalCodestringrequired
locations[].​fullAddress.​countrystring
locations[].​urlstringrequired

The url for this location's ordering page.

locations[].​availableDiningOptionsArray of objects(AvailableDiningOptionsProperty)non-emptyrequired

A list of enabled dining options with associated opening hours for each one.

locations[].​availableDiningOptions[].​fulfillmentMethodinteger(int32)(fulfillment-method_FulfillmentMethod)required

Fulfillment Method:

  • Web only:
    • 20 - In-Store Pickup
    • 21 - Dine In
    • 22 - Curbside Pickup
    • 23 - Outpost
    • 24 - Delivery
  • Catering only:
    • 30 - In-Store Pickup
    • 31 - Dine In
    • 32 - Curbside Pickup
    • 33 - Outpost
    • 34 - Delivery
locations[].​availableDiningOptions[].​asapOrdersEnabledbooleanrequired

True if ASAP orders can be placed at this location with this fulfillment method; false otherwise. If this is false, then futureOrdersEnabled has to be true.

locations[].​availableDiningOptions[].​futureOrdersEnabledbooleanrequired

True if future orders can be placed at this location with this fulfillment method; false otherwise. If this is false, then asapOrdersEnabled has to be true.

locations[].​availableDiningOptions[].​openingHoursobjectrequired

Opening hours for this dining option, broken down by day of the week.

locations[].​availableDiningOptions[].​openingHours.​monobject(LocationOpenHoursSchedule)
locations[].​availableDiningOptions[].​openingHours.​tueobject(LocationOpenHoursSchedule)
locations[].​availableDiningOptions[].​openingHours.​wedobject(LocationOpenHoursSchedule)
locations[].​availableDiningOptions[].​openingHours.​thuobject(LocationOpenHoursSchedule)
locations[].​availableDiningOptions[].​openingHours.​friobject(LocationOpenHoursSchedule)
locations[].​availableDiningOptions[].​openingHours.​satobject(LocationOpenHoursSchedule)
locations[].​availableDiningOptions[].​openingHours.​sunobject(LocationOpenHoursSchedule)
locations[].​distanceFromGuestinteger(int32)required

Distance from the address or coordinates provided by the guest (measured in miles).

Response
application/json
{
  "locations": [
    { … }
  ]
}

Get Future Order Slots

Request

Returns all the future order slots for which a guest could place an order at this location.

Security
ApiKeySecurityScheme
Path
locationIdstring

The location ID from which delivery is being ordered.

Query
fulfillmentMethodinteger(int32)(fulfillment-method_FulfillmentMethod)required

The user's chosen fulfillment methods for their order. Future order slots will be returned for this fulfillment method.

  • Web only:
    • 20 - In-Store Pickup
    • 21 - Dine In
    • 22 - Curbside Pickup
    • 23 - Outpost
    • 24 - Delivery
  • Catering only:
    • 30 - In-Store Pickup
    • 31 - Dine In
    • 32 - Curbside Pickup
    • 33 - Outpost
    • 34 - Delivery
outpostIdstring

The ID of the outpost from which the guest wants to pick up the food.

orderedItemsLeadTimeinteger(int32)

The lead time that has been calculated for the guest's order purely based on the cart contents. This value is only meant to be provided if the API rejects the order at validation time due to the chosen future order slot being in the past. In that case, the client needs to provide an expected order lead time so slots that are too early won't be shown. If provided, the API will filter out any time slots by which the order would not be ready.

Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

curl -i -X GET \
  'https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/locations/{locationId}/future-order-slots?fulfillmentMethod=0&outpostId=string&orderedItemsLeadTime=0' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4'

Responses

Success!

Bodyapplication/json
futureOrderSlotsArray of objectsrequired

A list of both available and unavailable future order slots grouped by day.

futureOrderSlots[].​calendarDaystringrequired

The specific calendar day represented as 'YYYY-MM-DD'.

futureOrderSlots[].​slotsArray of objectsnon-emptyrequired

A list of both available and unavailable future order slots for the specific calendar day.

futureOrderSlots[].​slots[].​timestampstringrequired

ISO date string (with timezone offset) for the future order time slot.

futureOrderSlots[].​slots[].​availablebooleanrequired

True if the future order time slot is available for ordering; false otherwise.

Response
application/json
{
  "futureOrderSlots": [
    { … }
  ]
}

Orders

Endpoints for ordering actions

Operations

Mobile App Config

Endpoints for getting the config bundle of a mobile app

Operations

Reporting

Endpoints for generating reports

Operations

Webhooks

Webhooks can be used to notify non-Bite systems of events happening at Bite. They can be configured by Bite employees at the organization level. They use pre-defined location groups to determine which locations the webhooks are active at.

Operations

Embedding Bite in a 3rd Party Mobile App