Authorization FAQ
The Lightspeed Restaurant K-Series APIs support OAuth2 authentication using the authorization code grant flow.
See Authorization Overview and our Authentication Tutorial for more details on how to connect.
Endpoints
Below are the URLs that should be used during the authorization process.
| Environment | Authorization URL | Token URL |
|---|---|---|
| Trial | https://api.trial.lsk.lightspeed.app/oauth/authorize | https://api.trial.lsk.lightspeed.app/oauth/token |
| Production | https://api.lsk.lightspeed.app/oauth/authorize | https://api.lsk.lightspeed.app/oauth/token |
API Clients are bound to the server they were issued for. This means that if you have a client for the trial environment, it will not work on the production environment. Likewise, if you have a production client, it will not work on the trial environment.
Quick Facts
- Access tokens expire after 60 minutes
- Refresh tokens expire after 14 days. If you do not use your refresh token within 14 days, you will need to request a new access token.
- Refresh tokens can only be used once
- Redirect URLs require HTTPS
Access to these APIs is currently only available to official Lightspeed Partners.
Error Handling
Your integration should have error handling in place for authentication issues, so that users can easily re-authorize your integration in the event that the refresh token should expire. See About Access Tokens for more details on best practices.