Skip to content

Bite API (v2)

Introduction

Overview

Bite exposes online ordering functionality through a REST API which third party developers can use to create applications on top of the Bite platform.

Bite Nomenclature

Customers

A Bite "Customer" represents a full end-user account created on Bite's platform. Customers can be created with a Bite password or can be authenticated against a Single Sign-On provider such as Paytronix or Punchh. Bite Customers have the following features:

  • A single set of credentials could be used to create completely different accounts under different brands that Bite works with.
  • Storing credit cards on file so that they could be used for future purchases.
  • Access to the customer's favorite ordered items and recent order history.
  • Storing delivery addresses on file for future purchases.

After creating or authenticating a Bite Customer through the API, a unique authentication token will be returned which can be used to refer to that user from that moment on without the need to store their password in your application.

Usage Basics

Environments

A dedicated sandbox environment will be provisioned for each new third-party developer. All development and testing must be carried out through that environment. It will include both an API sandbox as well as Admin Portal sandbox so that test locations could be modified by the developers for the purposes of testing their integration with Bite. The Sandbox environment runs the same code as production. https://YOUR_SANDBOX_SUB_DOMAIN.getbite.com/api

The production environment endpoint is: [REDACTED]

All communication must be encrypted over TLS 1.2

Request/Response Basics

Headers and Status Codes

https://<environment_domain>/<API_version>/<resource>?[params]

  • Bite API expects both the request and the response bodies to encoded with JSON, so both the HTTP Accept and Content-Type headers should be set to application/json.
  • HTTP Status Codes will be returned as follows:
    • 200 OK - The requested operation completed successfully!
    • 400 Bad Request - An error occurred on the Bite side or on the POS side. Please reference the response body's "code" value in the Bite Error Codes documentation.
    • 403 Forbidden - Invalid API credentials or insufficient access to a resource or operation.
    • 500 Server Error - An unexpected error occurred. Please verify that your request is correctly formatted.
  • Every API call must include the following headers:
    Header
    		DescriptionExample
    x-md-api-versionMust be set to 4x-md-api-version: 4
    x-bite-org-idMust be set to the brand id that you are working with. This value will be provided along with the sandbox environment.x-bite-org-id: 5fa31dc97acd2f0031e023eb
    x-customer-app-scopeMust be set to the brand's account scope. This value will be provided along with the sandbox environment.x-customer-app-scope: my-brand-scope
    AuthorizationMust be set to Bearer: API_TOKEN. The API_TOKEN will be provided along with the sandbox environment.Authorization: Bearer 2979c798-c901-4ceb-8478-3b26c24a998d
    User-AgentUnique user agent value that identifies the app. Please send this formatted as application_name/version.User-Agent: SomeApp/v1.2.3
    X-Device-IdUnique hardware identifier for the device.X-Device-Id: 993e0082-5bfd-4bbc-98ec-d13b50bbd54a

Response Structure

A success response structure will look as follows:

{
  success: true;
  data?: {...};
}

An error response structure will look as follows:

{
  success: false;
  code: number;
  message?: string;
  data?: {...};
}

Bite Error Codes

Any error response will contain an error code:

CodeMeaningSuggested Action
60Customer Password Already Used: The customer is trying to use a password they have previously used.
61Customer Token Invalid: The token has been malformed or has expired.Maybe the customer needs to log out and log in again because they've changed their password.
62Customer Account Not Verified: The customer resource being accessed requires a verified customer account.
63Customer Account Disabled: The specified customer account has been disabled by one of the brand admins.
64Customer Account Deleted: The specified customer account has been deleted by one of the brand admins.

Versioning and Compatibility

Please treat all IDs in the API as strings.

We will not remove properties from the current API version, but we do add new properties to return objects from time to time.

There is no guaranteed ordering of properties. We request that properties are accessed by name and not by index.

Please do not rely on error messages for logic. Error text may change periodically. Rather rely on error codes, which are guaranteed to not change.

Rate Limiting

Some API endpoints are protected through the use of rate limiting. The base rate limit can be found in the description of the API endpoint.

Information about the current usage can be found in the headers of the response:

  • Ratelimit-Limit: The amount of requests permitted
  • Ratelimit-Remaining: How many requests can be made in the interval
  • Ratelimit-Reset: How long, in seconds, until the rate-limit interval ends and the remaining amount of requests resets

The rate limit maximum is adjusted by the number of locations associated with the token. For example, if an API has a base rate limit of 50 requests per minute, then an organization with 10 locations may use the API endpoint 500 times per minute.

Changelog

2026-02-24

  • Updated definitions of openingHoursByFulfillmentMethod

2025-07-23

  • Updated security for Bite API Token based requests

2024-08-29

  • Added consentedToMarketing field to order

2024-01-22

  • Added section to ordered item schema

2024-01-03

  • More details regarding rate limiting

2023-11-07

  • Deprecated: POST /api/v2/reporting/orders/day
  • New Endpoint: GET /api/v2/reporting/orders/day/:date

2022-12-19

  • Updated rate limits of API calls
  • Reversed order of change log

2022-10-25

  • New endpoints:
    • POST /api/v2/reporting/orders/day
    • GET /api/v2/locations
  • Rate Limiting

2021-10-19

  • First Draft
Download OpenAPI description
bite-api-v2.json
bite-api-v2.yaml
Languages
Servers
Mock server
https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2
Sandbox
https://{sandboxApiSubDomain}.getbite.com/api

Account Management

Customer account signup/login and other CRUD operations.

Operations

Delivery Addresses

Management of saved delivery addresses on the customer account.

Operations

Order History

Past orders associated with the customer account.

Operations

Payment Methods

Management of saved payment methods on the customer account.

Operations

Push Tokens

Save mobile app push notification tokens on the customer account.

Operations

Pick a Location

Endpoints for picking a location from which to order.

Operations

Get Future Order Slots

Request

Returns all the future order slots for which a guest could place an order at this location.

Security
ApiKeySecurityScheme
Path
locationIdstring

The location ID from which delivery is being ordered.

Query
fulfillmentMethodinteger(int32)(fulfillment-method_FulfillmentMethod)required

The user's chosen fulfillment methods for their order. Future order slots will be returned for this fulfillment method.

  • Web only:
    • 20 - In-Store Pickup
    • 21 - Dine In
    • 22 - Curbside Pickup
    • 23 - Outpost
    • 24 - Delivery
  • Catering only:
    • 30 - In-Store Pickup
    • 31 - Dine In
    • 32 - Curbside Pickup
    • 33 - Outpost
    • 34 - Delivery
outpostIdstring

The ID of the outpost from which the guest wants to pick up the food.

orderedItemsLeadTimeinteger(int32)

The lead time that has been calculated for the guest's order purely based on the cart contents. This value is only meant to be provided if the API rejects the order at validation time due to the chosen future order slot being in the past. In that case, the client needs to provide an expected order lead time so slots that are too early won't be shown. If provided, the API will filter out any time slots by which the order would not be ready.

Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

curl -i -X GET \
  'https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/locations/{locationId}/future-order-slots?fulfillmentMethod=0&outpostId=string&orderedItemsLeadTime=0' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4'

Responses

Success!

Bodyapplication/json
futureOrderSlotsArray of objectsrequired

A list of both available and unavailable future order slots grouped by day.

futureOrderSlots[].​calendarDaystringrequired

The specific calendar day represented as 'YYYY-MM-DD'.

futureOrderSlots[].​slotsArray of objectsnon-emptyrequired

A list of both available and unavailable future order slots for the specific calendar day.

futureOrderSlots[].​slots[].​timestampstringrequired

ISO date string (with timezone offset) for the future order time slot.

futureOrderSlots[].​slots[].​availablebooleanrequired

True if the future order time slot is available for ordering; false otherwise.

Response
application/json
{
  "futureOrderSlots": [
    { … }
  ]
}

Validate the Delivery Address at a Location

Request

Checks whether the specified address is within the delivery range of the location.

Security
ApiKeySecurityScheme
Path
locationIdstring

The location ID from which delivery is being ordered.

Headers
x-md-api-versionstringrequired
Value"4"
x-bite-org-idstringrequired

The org ID you are working with.

Bodyapplication/jsonrequired
fulfillmentMethodinteger(int32)(fulfillment-method_FulfillmentMethod)required

Fulfillment Method:

  • Web only:
    • 20 - In-Store Pickup
    • 21 - Dine In
    • 22 - Curbside Pickup
    • 23 - Outpost
    • 24 - Delivery
  • Catering only:
    • 30 - In-Store Pickup
    • 31 - Dine In
    • 32 - Curbside Pickup
    • 33 - Outpost
    • 34 - Delivery
addressobject(delivery-address_DeliveryAddress)required
address.​line1string(PropertyLine1)required
address.​line2string(PropertyLine2)
address.​citystring(PropertyCity)required
address.​statestring(PropertyState)
address.​postalCodestring(PropertyPostalCode)required
curl -i -X POST \
  'https://documentation.getbite.com/_mock/openapi/v2/bite-api-v2/v2/locations/{locationId}/validate-delivery-address' \
  -H 'Content-Type: application/json' \
  -H 'x-bite-org-id: string' \
  -H 'x-bite-public-key: YOUR_API_KEY_HERE' \
  -H 'x-md-api-version: 4' \
  -d '{
    "fulfillmentMethod": 0,
    "address": {
      "line1": "string",
      "line2": "string",
      "city": "string",
      "state": "string",
      "postalCode": "string"
    }
  }'

Responses

Success!

Bodyapplication/json
canDeliverbooleanrequired

True if the specified address is within the delivery range of the location; false otherwise.

Response
application/json
{
  "canDeliver": true
}

Orders

Endpoints for ordering actions

Operations

Mobile App Config

Endpoints for getting the config bundle of a mobile app

Operations

Reporting

Endpoints for generating reports

Operations

Webhooks

Webhooks can be used to notify non-Bite systems of events happening at Bite. They can be configured by Bite employees at the organization level. They use pre-defined location groups to determine which locations the webhooks are active at.

Operations

Embedding Bite in a 3rd Party Mobile App