RestAI uses JWT (JSON Web Tokens) for authentication. The authentication system provides secure access to the API with both access tokens and refresh tokens.

Authentication Flow

  1. Register - Create a new organization and user account
  2. Login - Authenticate with email and password to receive tokens
  3. Use Access Token - Include the access token in the Authorization header for API requests
  4. Refresh - Use the refresh token to obtain a new access token when it expires

Token Types

Access Token

  • Short-lived token used to authenticate API requests
  • Include in the Authorization header as Bearer {accessToken}
  • Contains user ID, organization ID, role, and branch access

Refresh Token

  • Long-lived token (7 days) used to obtain new access tokens
  • Store securely on the client
  • Can be revoked by logging out

Making Authenticated Requests

Include the access token in the Authorization header:
curl https://api.restai.com/api/endpoint \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
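A small client that carries out steps 2 to 4 of the flow above around the Bearer request shown here. It is an added example, not RestAI's own client code: the /login and /refresh paths, the accessToken/refreshToken JSON field names and the fake_api() stand-in are assumptions, while the base URL and header format come from this page. A 401 on a request is treated as an expired access token and refreshed once, never retried in a loop, and a failed refresh clears both tokens so the caller must log in again.

```python
# Added example, not RestAI's own client. The /login and /refresh paths and the
# accessToken/refreshToken JSON fields are assumptions; fake_api() is a constructed stand-in.
import itertools, json, urllib.error, urllib.request
AUTH_BASE = "https://api.restai.com/api/auth"

def http_json(method, url, headers=None, body=None):   # real transport -> (status, json body)
    req = urllib.request.Request(url, method=method, data=json.dumps(body).encode() if body else None,
                                 headers={**(headers or {}), "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")

class RestAIClient:   # keeps the token pair, sends the Bearer access token, refreshes once on 401
    def __init__(self, transport=http_json):
        self.transport, self.access_token, self.refresh_token = transport, None, None
    def login(self, email, password):
        status, body = self.transport("POST", f"{AUTH_BASE}/login", body={"email": email, "password": password})
        if status != 200:
            raise PermissionError(f"login failed: {status}")
        self.access_token, self.refresh_token = body["accessToken"], body["refreshToken"]
    def refresh(self):   # the refresh token is only ever sent here, never as a Bearer header
        status, body = self.transport("POST", f"{AUTH_BASE}/refresh", body={"refreshToken": self.refresh_token})
        if status != 200:                     # refresh token revoked or expired: full re-login needed
            self.access_token = self.refresh_token = None
            raise PermissionError("session expired, log in again")
        self.access_token = body["accessToken"]
    def get(self, url):
        auth = lambda: {"Authorization": f"Bearer {self.access_token}"}
        status, body = self.transport("GET", url, headers=auth())
        if status == 401:                     # short-lived access token expired: refresh, retry once
            self.refresh()
            status, body = self.transport("GET", url, headers=auth())
        return status, body

def fake_api():   # constructed stand-in for the API: one valid access token at a time, rotated by /refresh
    state = {"access": "acc-1", "counter": itertools.count(2)}
    def handle(method, url, headers=None, body=None):
        if url.endswith("/auth/login"):
            return 200, {"accessToken": state["access"], "refreshToken": "ref-1"}
        if url.endswith("/auth/refresh"):
            if body.get("refreshToken") != "ref-1":
                return 401, {"error": "UNAUTHORIZED"}
            state["access"] = f"acc-{next(state['counter'])}"
            return 200, {"accessToken": state["access"]}
        ok = (headers or {}).get("Authorization") == f"Bearer {state['access']}"
        return (200, {"ok": True}) if ok else (401, {"error": "UNAUTHORIZED"})
    return state, handle
```

Setting state["access"] on the fake to another value simulates the access token expiring; replacing the client's refresh token simulates revocation by logout.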

User Roles

The API supports the following user roles with different permission levels:
  • org_admin - Full access to all organization resources
  • branch_manager - Manage specific branches
  • cashier - Process payments and orders
  • waiter - Take and manage orders
  • kitchen - View and update order preparation status

Error Codes

Authentication endpoints return the following error codes:
  • 401 UNAUTHORIZED - Invalid credentials or expired token
  • 409 CONFLICT - Email or organization slug already exists
  • 404 NOT_FOUND - User not found

Base URL

All authentication endpoints are prefixed with:
https://api.restai.com/api/auth
