YumKiosk YumKiosk Docs
⌘K
Website Agent login Owner panel
API Reference

API reference overview

Overview of the YumKiosk APIs and how to use them.

API reference overview

YumKiosk exposes three HTTP APIs, each with its own authentication model and use case. This page gives you a map of what exists so you can jump to the right place. For deep dives on each surface, follow the links below or use the sidebar.

The three APIs

1. Public kiosk API

Base URL: https://api.yumkiosk.com

Used by tablet kiosks to start sessions, poll for status, fetch menus, and issue Agora video tokens. Authenticated by a long-lived device token issued at pairing time. No human user is behind this API — it's machine-to-machine between a physical kiosk and the YumKiosk cloud.

See Public kiosk API for the full endpoint catalog.

2. Authenticated agent API

Base URL: https://agent.yumkiosk.com/api

Used by the agent dashboard running in a browser after an agent logs in. Authenticated by a standard Laravel session cookie plus CSRF token. Every endpoint here requires an active login.

See Authenticated agent API for the full endpoint catalog.

3. Webhooks (outbound)

YumKiosk pushes events to your own HTTP endpoint for integration with external systems (POS, analytics, accounting). Signed with HMAC-SHA256 for authenticity.

See Webhooks for the event catalog and signature verification.

Getting started

Pick a use case:

  • Building a kiosk app or hardware integration? Start with the Public kiosk API.
  • Building a custom agent client or automation on top of the dashboard? Start with the Authenticated agent API.
  • Integrating YumKiosk events into another system? Start with Webhooks.
  • Need a general primer on auth models? Start with Authentication.

Common topics across all APIs

Regardless of which API you're using, a few shared conventions apply:

Format and versioning

All APIs speak JSON. Request bodies should set Content-Type: application/json. Response bodies are always JSON (except for direct file downloads like invoices). Dates are ISO-8601 UTC strings. Money is in integer cents in the base currency of the owner account.

The APIs are currently unversioned. Any breaking change will either be gated behind a new endpoint path or announced in the changelog with at least 30 days notice before rollout.

Need help?

If you're integrating and get stuck:

  • Every error response includes a request_id. Put it in any support email.
  • Email developers@yumkiosk.com for API-specific questions.
  • Email support@yumkiosk.com for everything else.

We typically respond within one business day.