Skip to main content
POST
/
v1
/
partner
/
menus
/
populate
Populate stores with the business-level menu (first-time push)
curl --request POST \
  --url https://api.dev.shadowchef.co/v1/partner/menus/populate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "stores": [
    {
      "brandID": 663,
      "branchID": 1062
    }
  ],
  "sections": {
    "1022": {
      "sequence": 1,
      "availableTimes": {
        "0": {
          "disabled": false,
          "slots": [
            {
              "startTime": 200,
              "endTime": 230
            }
          ]
        },
        "1": {
          "disabled": false,
          "slots": [
            {
              "startTime": 200,
              "endTime": 230
            }
          ]
        },
        "2": {
          "disabled": false,
          "slots": [
            {
              "startTime": 200,
              "endTime": 230
            }
          ]
        },
        "3": {
          "disabled": false,
          "slots": [
            {
              "startTime": 200,
              "endTime": 230
            }
          ]
        },
        "4": {
          "disabled": false,
          "slots": [
            {
              "startTime": 200,
              "endTime": 230
            }
          ]
        },
        "5": {
          "disabled": false,
          "slots": [
            {
              "startTime": 200,
              "endTime": 230
            }
          ]
        },
        "6": {
          "disabled": false,
          "slots": [
            {
              "startTime": 200,
              "endTime": 230
            }
          ]
        }
      }
    }
  }
}
'
{
  "request_id": "req_4d1b7e3f-...",
  "data": "<unknown>",
  "error": {
    "code": "auth_invalid_credential",
    "message": "<string>",
    "details": "<unknown>"
  }
}

Authorizations

Authorization
string
header
required

Authorization: Basic base64(partner_key:secret_key).

Credentials are issued by a klikit operator. The plaintext secret_key is shown once at issuance and cannot be retrieved later — store it securely. If lost, ask your operator to rotate the secret to receive a new one. The old secret stops working immediately on rotation; there is no overlap window.

Body

application/json

Push the named sections to each (brand, branch) store.

Two read-this-first behaviours:

  1. Overlap check. A non-empty sections[<id>].availableTimes triggers an overlap check against schedules already attached to the store; a collision returns 400 request_invalid. The simplest opt-out is to send availableTimes: {} — the menu service then falls back to the section's business-level schedule.

  2. Persisted fields. Sync deliberately keeps the store's existing overrides for a few fields (defaults listed under PersistFieldOnSync) — so a stock store-only schedule edit isn't blown away when you ship an unrelated business-level change. To overwrite one of those fields from the business-level value, include its name in fieldIncludeOnSync. Example:

    { "fieldIncludeOnSync": ["availableTimes"] }

    subtracts availableTimes from the persist list so the store-section schedule is overwritten with the section's current business-level availableTimes.

After sync, the partner-facing getMenu response reads from a cached blob — call publishMenu afterwards to rebuild it (and to ship the change to provider marketplaces).

stores
object[]
required
sections
object
required

Section-id keyed object. Each value carries display order + per-store schedule overrides.

fieldIncludeOnSync
string[]

Field names to exclude from the persist list — i.e. force-overwrite the store's existing override with the business-level value. Common picks: availableTimes, isEnabled, visibilities, blackoutDates for sections.

persistFieldOnSync
object

Explicit per-level persist allowlist. If you set this, the menu service replaces the default list wholesale — usually you want to leave this unset and use fieldIncludeOnSync instead.

Response

200 - application/json

Success — payload wrapped in the canonical Envelope.

Canonical response wrapper. Every response — success or error — carries the request_id so you can quote one id to klikit support to correlate a request end-to-end.

request_id
string
required
Example:

"req_4d1b7e3f-..."

data
any

Endpoint-specific payload on success.

error
object

Machine-readable error code + human message. The code is stable across releases — switch on code in your client code rather than parsing the message text.

Common codes you will encounter as a partner:

CodeHTTPMeaning
auth_missing401Authorization header absent / malformed
auth_invalid_credential401partner_key or secret_key did not verify
auth_revoked403Credential is revoked
auth_forbidden403Credential not authorized for the requested scope
request_invalid400Body / query parameters failed validation
request_missing_idempotency_key400Write endpoint called without Idempotency-Key
request_invalid_range400Date range > 90 days
resource_not_found404Order / store / mapping does not exist
resource_unmapped404Stock / availability call referenced an unknown SKU
state_invalid_transition409Order PATCH not allowed by current state
state_idempotency_conflict409Same Idempotency-Key reused with a different body
rate_limit_exceeded429Per-credential rate cap hit
downstream_unavailable502An internal klikit dependency is unreachable