Menu Authentication

The Menu Integration API runs on a separate endpoint from the main YUMBI Gateway:

https://integrations.yumbi.com

Authentication follows the same OAuth 2.0 Client Credentials flow used by the Gateway, but tokens are issued against the integrations service.

Requesting a Token

To obtain an access token, send a POST request to the token endpoint provided during onboarding. The request uses application/x-www-form-urlencoded content type.

Request:

curl -X POST https://auth.yumbi.com/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"

Parameter	Description
`grant_type`	Must be `client_credentials`
`client_id`	Your assigned client identifier
`client_secret`	Your assigned client secret

Response:

{
  "access_token": "eyJhbGciOi...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

The access_token is a JWT valid for 3600 seconds (1 hour). You'll need to request a new token once it expires.

Using the Token

Include the token in the Authorization header for all requests to the Menu Integration API:

Authorization: Bearer eyJhbGciOi...

All API calls to https://integrations.yumbi.com must include a valid access token as the header authorisation parameter.

🚧
Your client_id and client_secret will be provided by the Yumbi team during onboarding. Keep these credentials secure and never expose them in client-side code.

Requesting a Token

Using the Token

Your client_id and client_secret will be provided by the Yumbi team during onboarding. Keep these credentials secure and never expose them in client-side code.

Your `client_id` and `client_secret` will be provided by the Yumbi team during onboarding. Keep these credentials secure and never expose them in client-side code.