Authorization FAQ
The Lightspeed Restaurant K-Series APIs support OAuth2 authentication using the authorization code grant flow.
See Authorization Overview and our Authentication Tutorial for more details on how to connect.
Endpoints
Below are the URLs that should be used during the authorization process.
| Environment | Authorization URL | Token URL |
|---|---|---|
| Trial | https://api.trial.lsk.lightspeed.app/oauth/authorize | https://api.trial.lsk.lightspeed.app/oauth/token |
| Production | https://api.lsk.lightspeed.app/oauth/authorize | https://api.lsk.lightspeed.app/oauth/token |
Quick Facts
- Access tokens expire after 60 minutes
- Refresh tokens expire after 14 days. If you do not use your refresh token within 14 days, you will need to request a new access token.
- Refresh tokens can only be used once
- Redirect URLs require HTTPS
Note
Access to these APIs is currently only available to official Lightspeed Partners.
Error Handling
Your integration should have error handling in place for authentication issues, so that users can easily re-authorize your integration in the event that the refresh token should expire. See Managing Access Tokens for more details on best practices.