Get SSO Token

Retrieves a client instance-level access token from your redirect URI after a successful user login through the Punchh-hosted authentication form. After you retrieve the client-level access token from this endpoint, supply it to the Fetch User Information API to retrieve a user-level authentication or access token. You can then use that user-level token to authenticate API calls for the remainder of the user's session.

Note: This endpoint is the second step in a multi-step authorization process. For more information, see SSO Flow for Web and Mobile.

Headers
  • Accept
    Type: string
    required

    Advertises which content types the client is able to understand.

  • Content-Type
    Type: string
    required

    Set this header to application/json.

  • User-Agent
    Type: string
    required

    For details, see User Agent.

  • x-pch-digest
    Type: string
    required

    The signature for the API call.

Body
application/json
  • client_id
    Type: string
    required

    OAuth client ID of the business

  • client_secret
    Type: string
    required

    OAuth client secret of the business

  • code
    Type: string
    required

    Authorization code retrieved from the redirect URL after a successful user login. See SSO Flow for Web and Mobile.

  • grant_type
    Type: string
    required

    Grant type the Punchh server will use to generate the access token

  • redirect_uri
    Type: string
    required

    Redirect URI configured in the OAuth app where users are sent after a successful user login through the Punchh-hosted authentication form

Responses
  • application/json
Request Example for POST /oauth/token
curl https://SERVER_NAME_GOES_HERE.punchh.com/oauth/token \
  --request POST \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header 'User-Agent: Punchh/OnlineOrder/1.0/Web/BrowserVersion/OS_Type' \
  --header 'x-pch-digest: SIGNATURE_GOES_HERE' \
  --data '{
  "code": "TOKEN_GOES_HERE",
  "client_id": "CLIENT_GOES_HERE",
  "client_secret": "SECRET_GOES_HERE",
  "grant_type": "authorization_code",
  "redirect_uri": "https://redirect-uri.com/auth"
}'
Response Example
{
  "access_token": "ACCESS_TOKEN_GOES_HERE",
  "token_type": "Bearer",
  "refresh_token": "REFRESH_TOKEN_GOES_HERE",
  "scope": "null",
  "created_at": "1695818361"
}
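The server-side handling around this call, as an added example that is not Punchh's own code: it accepts the authorization code only from a callback that matches the registered redirect URI, builds the request body listed above, masks the secret and the code before logging, and checks the response shape before the token is used. It assumes the code arrives in a query parameter named `code`; the function names and sample values are hypothetical, and the x-pch-digest signature is left out because this page does not say how it is computed.

```python
import json
from urllib.parse import urlsplit, parse_qs

def extract_code(callback_url, registered_redirect_uri):
    """Return the authorization code only if the callback hit the registered URI."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])  # assumption: parameter is named "code"
    if len(codes) != 1:
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]

def build_token_body(code, client_id, client_secret, redirect_uri):
    """JSON body for POST /oauth/token, with the five fields this page lists."""
    return json.dumps({
        "code": code, "client_id": client_id, "client_secret": client_secret,
        "grant_type": "authorization_code", "redirect_uri": redirect_uri,
    })

def redact_for_log(body):
    """Copy of the body that is safe to log: secret and one-time code masked."""
    fields = json.loads(body)
    for key in ("client_secret", "code"):
        fields[key] = "[REDACTED]"
    return json.dumps(fields)

def parse_token_response(raw):
    """Validate the response shape shown on this page before using the token."""
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("response is not a JSON object")
    if not isinstance(data.get("access_token"), str) or not data["access_token"]:
        raise ValueError("missing access_token")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    data["created_at"] = int(data["created_at"])  # page shows it as a numeric string
    return data

if __name__ == "__main__":
    # Constructed sample values; nothing here contacts a server.
    registered = "https://redirect-uri.com/auth"
    code = extract_code(registered + "?code=SAMPLE_CODE", registered)
    body = build_token_body(code, "SAMPLE_CLIENT", "SAMPLE_SECRET", registered)
    print(redact_for_log(body))
```

Building the body on the server keeps client_secret out of browser and mobile code, and the one-time code never reaches the logs in clear text.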