Skip to main content
POST
/
auth
/
token
curl -X POST "https://firespark.vercel.app/api/integrations/v1/auth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=menus:write stores:read orders:read"

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "menus:write stores:read orders:read"
}
The Integrations API uses OAuth 2.0 (RFC 6749) with the client credentials grant for server-to-server authentication.

Prerequisites

Register your integration in the Fire spark dashboard to obtain a client_id and client_secret. Store the client secret on your server only.

Client credentials grant

Use this grant for machine-to-machine integrations such as POS, RMS, and aggregator connectors. Request an access token directly from the token endpoint. 
curl -X POST "https://firespark.vercel.app/api/integrations/v1/auth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=menus:write stores:read orders:read"

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "menus:write stores:read orders:read"
}

Token request parameters

ParameterRequiredDescription
grant_typeYesMust be client_credentials.
client_idYesYour integration client ID.
client_secretYesYour integration client secret.
scopeNoSpace-delimited list of scopes. Defaults to the scopes configured for your integration.

Available scopes

ScopeAccess
menus:readRead menus, categories, and products
menus:writeCreate and update menus
stores:readRead store configuration
stores:writeUpdate store configuration
channels:readRead sales channels
channels:writeUpdate sales channels
orders:readRead orders
orders:writeCreate and update orders
fulfillment:readRead fulfillment options
fulfillment:writeUpdate fulfillment options

Use the access token

Include the access token in the Authorization header of every authenticated request. 
curl "https://firespark.vercel.app/api/integrations/v1/menus" \
  -H "Authorization: Bearer ACCESS_TOKEN"
Access tokens expire after the number of seconds indicated by expires_in. Request a new token before expiry. Do not expose client secrets or access tokens in client-side code.

Error responses

Token and authorization errors follow RFC 6749. The token endpoint returns application/json with an error field.
ErrorDescription
invalid_requestA required parameter is missing or malformed.
invalid_clientClient authentication failed.
invalid_grantThe provided credentials are invalid.
unauthorized_clientThe client is not authorized for this grant type.
unsupported_grant_typeThe grant_type value is not supported.
invalid_scopeThe requested scope is invalid or exceeds what is allowed.
Error
{
  "error": "invalid_client",
  "error_description": "Client authentication failed."
}