Get Access Code (Redemptions 2.0)

This API returns the single-scan code containing a UUID string in the API response. The loyalty user can use the single-scan code to pay, earn, and redeem a reward/offer with a single scan at the POS store. The value of the single_scan_code parameter returned in the API response can then be passed as the otp (one-time passcode) with the lookup_field parameter in the request of the Find User POS API. The OTP is a short-lived token generated via mobile app to securely identify guest users at the POS. The token expiration can be configured in the Punchh platform (contact your Punchh representative for more information). A user can generate only one token at a time. Each token is 6-34 alphanumeric characters.

Note: This mobile API endpoint (POST {server-name}/api2/mobile/single_scan_tokens) used for Redemptions 2.0 is the same as the Generate a Single Scan Code mobile API endpoint. When using this API with Redemptions 2.0, the following offers parameters must NOT be included with the request body:

  • reward_id
  • redeemable_id
  • banked_reward_amount
  • coupon
  • redeemable_card_count
Headers
  • Accept
    Type: string
    required

    Advertises which content types the client is able to understand

  • Authorization
    Type: string
    required

    Used to authorize the request with access_token. It should be supplied as Bearer ACCESS_TOKEN_GOES_HERE.

  • User-Agent
    Type: string
    required

    Used to Identify the software, device, and application initiating the request, providing information about the client to the server. For details, see User Agent.

  • punchh-app-device-id
    Type: string
    required

    The app device ID helps Punchh identify each device so that certain rewards can be awarded individually to each device instead of per user. For example, the sign-up reward is given to each device ID to prevent fraudulent sign-ups so that a user cannot do repeated sign-ups from a single device to get rewards. It should not change even if the user resets a device. See the sample code to generate the punchh-app-device-id header.

  • Content-Type
    Type: string
    required

    Set this header to application/json.

  • x-pch-digest
    Type: string
    required

    The signature for the API call

Body
application/json
  • client
    Type: string
    required

    OAuth client ID provided by the business

  • gift_card_uuid
    Type: string

    Identification number for gift card

  • payment_type
    Type: string

    Method of payment. Accepted values: CreditCard and GiftCard

  • tip
    Type: string

    Discretionary amount for tipping

Responses
  • application/json
  • application/json
  • application/json
Request Example for post/api2/mobile/single_scan_tokens
curl https://SERVER_NAME_GOES_HERE.punchh.com/api2/mobile/single_scan_tokens \
  --request POST \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer ACCESS_TOKEN_GOES_HERE' \
  --header 'User-Agent: AppIdentifier/VersionNumber/BuildNumber(OS_Type)' \
  --header 'punchh-app-device-id: APP_DEVICE_ID_GOES_HERE' \
  --header 'Content-Type: application/json' \
  --header 'x-pch-digest: {{$$.env.signature}}' \
  --data '{
  "payment_type": "GiftCard",
  "gift_card_uuid": "UUID_GOES_HERE",
  "tip": "1",
  "client": "CLIENT_GOES_HERE"
}'

{
  "expires_in": "2022-06-08T09:59:10Z",
  "created_at": "2022-06-08T09:54:10Z",
  "single_scan_code": "4E43DB"
}

OK

Copyright © 2026 PAR Technology Corporation. All rights reserved.
PAR Technology Corporation 8383 Seneca Turnpike, Suite 3 New Hartford, New York 13413 (315) 738-0600 legal@partech.com. PAR Tech is a leading global provider of software, systems, and service solutions to the restaurant and retail industries. You may learn about its product offerings here.
Before using this application, please read the Limited License Agreement and the PAR Tech Terms of Use. In addition, the sample applications of PAR Technology are licensed under the terms of the O'Saasy License.