Reward Link API
Reward Points API
Storefront Integration API
Authentication
Refresh Token
curl --request POST \
--url https://stagingstores.xoxoday.com/chef/v1/oauth/token/user \
--header 'Content-Type: application/json' \
--data '
{
"grant_type": "refresh_token",
"refresh_token": "XXXXXXXXX",
"client_id": "XXXXXXXXX",
"client_secret": "XXXXXXXXX"
}
'{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1296000,
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
"access_token_expiry": "1718000000000",
"refresh_token_expiry": "1720000000000"
}Refresh Token
Get a new access token using your refresh token. Every call issues a brand-new refresh token — the old one is immediately invalidated. Always persist the new refresh token from the response.
POST
/
token
/
user
Refresh Token
curl --request POST \
--url https://stagingstores.xoxoday.com/chef/v1/oauth/token/user \
--header 'Content-Type: application/json' \
--data '
{
"grant_type": "refresh_token",
"refresh_token": "XXXXXXXXX",
"client_id": "XXXXXXXXX",
"client_secret": "XXXXXXXXX"
}
'{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1296000,
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
"access_token_expiry": "1718000000000",
"refresh_token_expiry": "1720000000000"
}Documentation Index
Fetch the complete documentation index at: https://help-plum.xoxoday.com/llms.txt
Use this file to discover all available pages before exploring further.
Request Schema
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Must be "refresh_token" for this API. |
| refresh_token | string | Yes | The previously issued refresh token used to obtain a new access token. |
| client_id | string | Yes | The client identifier provided by Xoxoday. |
| client_secret | string | Yes | The client secret associated with the client ID. Used to authenticate the refresh request. |
Response Schema
| Parameter | Type | Description |
|---|---|---|
| access_token | string | Newly issued access token to be used for authenticated API calls. |
| token_type | string | Token type. Always "bearer". |
| expires_in | number | Lifetime of the access token in seconds. |
| refresh_token | string | Newly issued refresh token. Use this to generate new access tokens when current one expires. |
| access_token_expiry | string | Epoch timestamp (milliseconds) indicating expiry time of the access token. |
| refresh_token_expiry | string | Epoch timestamp (milliseconds) indicating expiry of the refresh token. |
📘 Learn how to manage your access and refresh tokens here.
Body
application/json
Response
New tokens issued successfully.
Newly generated access token.
Example:
"bearer"
Lifetime of the access token in seconds.
Newly issued refresh token. Old one is immediately invalidated.
Epoch timestamp (ms) when the access token expires.
Epoch timestamp (ms) when the refresh token expires.
⌘I
Assistant
Responses are generated using AI and may contain mistakes.