Reward Link API
Reward Points API
Rewards API
Storefront Integration API
Authentication
Creating User Tokens using Company Token
curl --request POST \
--url https://stagingstores.xoxoday.com/chef/v1/oauth/token/create/user \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"user_input": "your.email@example.com",
"scope": "user_session"
}
'{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1296000,
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
"access_token_expiry": 1718000000000,
"refresh_token_expiry": 1720000000000
}Creating User Tokens using Company Token
Exchange a Company Bearer token for a User-scoped access token. Pass your Company-level Bearer token in the Authorization header. The response returns a full token set scoped to the specified user session.
POST
/
token
/
create
/
user
Creating User Tokens using Company Token
curl --request POST \
--url https://stagingstores.xoxoday.com/chef/v1/oauth/token/create/user \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"user_input": "your.email@example.com",
"scope": "user_session"
}
'{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1296000,
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
"access_token_expiry": 1718000000000,
"refresh_token_expiry": 1720000000000
}Documentation Index
Fetch the complete documentation index at: https://help-plum.xoxoday.com/llms.txt
Use this file to discover all available pages before exploring further.
Creating user tokens API schema
| Property | Type | Description |
|---|---|---|
user_input | String | Super Admin email address. |
scope | String | Permission scope being assigned/validated (e.g., user_session). |
Response Schema
| Path | Type | Description |
|---|---|---|
| access_token | string | Newly generated access token for the user. |
| token_type | string | Always "bearer". |
| expires_in | number | Token validity duration in seconds. |
| refresh_token | string | Token used to regenerate a new access token once expired. |
| access_token_expiry | number | Epoch timestamp (ms) when the access token expires. |
| refresh_token_expiry | number | Epoch timestamp (ms) when the refresh token expires. |
Authorizations
Authorization: Bearer <access_token>
Body
application/json
Response
User-scoped tokens issued successfully.
Newly generated access token.
Example:
"bearer"
Access token validity in seconds.
New refresh token (old one is immediately invalidated).
Epoch timestamp (ms) when the access token expires.
Epoch timestamp (ms) when the refresh token expires.
⌘I
Assistant
Responses are generated using AI and may contain mistakes.