Pick your environment
For everything below, set the base URL once. We’ll use the development
environment.
Verify your credentials
Hit a cheap, side-effect-free endpoint to confirm authentication works.
A
GET /brands lists every brand under your business — it’s the smallest
thing that requires real auth.200 with a data array means you’re in. A 401 means the key /
secret pair is wrong or revoked. A 403 means the credential is valid
but lacks the brands:read scope — talk to your operator.List recent orders
GET /orders returns the page of orders for your business, newest first.
Page through with cursor (see List Orders).status field via the OrderStatus reference.Pull a menu
GET /menus has two modes:- With
brand_idandbranch_id— store-level snapshot (the payload that ships to aggregator marketplaces). - Without either — business-level tree (no store overrides applied).
Stand up a webhook receiver
To consume events you host an endpoint and give the URL to your klikit
operator. Walk through Webhooks overview
next — it has copy-runnable Node and Python receivers that handle
signature verification, idempotency, and acknowledgement correctly.
What to read next
Authentication
HTTP Basic, key rotation, scope vocabulary.
Response envelope
The shape every success and every error shares.
Idempotency
When and how to use
Idempotency-Key headers on writes.Webhooks
Verify, dedupe, and acknowledge order events.