Reward Link API
Reward Points API
Rewards API
Storefront Integration API
Authentication
curl --request POST \
--url https://stagingstores.xoxoday.com/chef/v1/oauth/token/company \
--header 'Content-Type: application/json' \
--data '
{
"grant_type": "refresh_token",
"refresh_token": "XXXXXXXXX",
"client_id": "XXXXXXXXX",
"client_secret": "XXXXXXXXX"
}
'{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1296000,
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
"access_token_expiry": 1718000000000,
"refresh_token_expiry": 1720000000000
}Refresh Token
Get a new access token using your refresh token. Every call issues a brand-new refresh token — the old one is immediately invalidated. Always persist the new refresh token from the response.
curl --request POST \
--url https://stagingstores.xoxoday.com/chef/v1/oauth/token/company \
--header 'Content-Type: application/json' \
--data '
{
"grant_type": "refresh_token",
"refresh_token": "XXXXXXXXX",
"client_id": "XXXXXXXXX",
"client_secret": "XXXXXXXXX"
}
'{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1296000,
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
"access_token_expiry": 1718000000000,
"refresh_token_expiry": 1720000000000
}Documentation Index
Fetch the complete documentation index at: https://help-plum.xoxoday.com/llms.txt
Use this file to discover all available pages before exploring further.
📘 Learn how to manage your access and refresh tokens here.
Request Schema
| Property | Type | Description |
|---|---|---|
| grant_type | string | Must be "refresh_token" to indicate token regeneration. |
| refresh_token | string | The existing refresh token used to generate a new access token. |
| client_id | string | Client ID provided to you for authentication. |
| client_secret | string | Client secret used to authenticate and validate the refresh request. |
Response Schema
| Property | Type | Description |
|---|---|---|
| access_token | string | Newly generated access token. |
| token_type | string | Type of token issued (bearer). |
| expires_in | number | Access token validity duration (in seconds). |
| refresh_token | string | New refresh token issued to the user. |
Body
Must be "refresh_token".
refresh_token The existing refresh token used to obtain a new access token.
Client ID provided to you for authentication.
Client secret associated with the client ID.
Response
New tokens issued successfully.
Newly generated access token.
"bearer"
Access token validity in seconds.
New refresh token (old one is immediately invalidated).
Epoch timestamp (ms) when the access token expires.
Epoch timestamp (ms) when the refresh token expires.