Migration FAQ
Introduction
This article outlines the differences between V1 and V2 authentication methods for the Lightspeed Restaurant K-Series APIs, and provides guidance on how to migrate from V1 to V2 authentication.
Key Differences Between V1 and V2 Authentication
| Feature | V1 Authentication | V2 Authentication |
|---|---|---|
| Authorization URL - TRIAL | https://api.trial.lsk.lightspeed.app/oauth/authorize | https://auth.lsk-demo.app/realms/k-series/protocol/openid-connect/auth |
| Authorization URL - PRODUCTION | https://api.lsk.lightspeed.app/oauth/authorize | https://auth.lsk-prod.app/realms/k-series/protocol/openid-connect/auth |
| Token URL - TRIAL | https://api.trial.lsk.lightspeed.app/oauth/token | https://auth.lsk-demo.app/realms/k-series/protocol/openid-connect/token |
| Token URL - PRODUCTION | https://api.lsk.lightspeed.app/oauth/token | https://auth.lsk-prod.app/realms/k-series/protocol/openid-connect/token |
| Scopes | See Access Scopes | All previous scopes can be requested. Optional scope offline_access now available. See Offline Access for more information. All clients will automatically request User Profile and Email scopes, in addition to the scopes specified |
| Token Expiry | Tokens expire after 60 minutes | Token expiry variable, must be checked dynamically |
| Refresh Tokens | Expire after 14 days | Refresh token expiry variable, must be checked dynamically. Tokens without offline_access will have a shorter lifespan. |
| Client Prefix | devp (ex. devp-1234-2345-3456-1234) | devp-v2 (ex. devp-v2-1234-2345-3456-1234). |
| Token Request Method | POST with URL parameters | POST with parameters in request body. |
Migration steps
Make the following changes to your integration to migrate from V1 to V2 authentication:
Request V2 API Credentials
Request new API credentials from the Lightspeed developer portal.
As of November 10, 2025 all newly created API clients are V2 by default. Existing V1 clients will continue to work until applications have been migrated to V2.
Update Client IDs and Secrets
Update your client IDs and secrets to the new V2 API credentials.
Update Authorization and Token URLs
Update the authorization and token URLs in your OAuth2 configuration to the new V2 URLs. Ensure you are using the correct URL for either the trial or production environment.
Update Token Handling Logic
Review and update any logic in your application that handles tokens, including storage, retrieval, and expiration checks, to accommodate the changes in token structure and behavior in V2. See Managing Access Tokens for best practices.
Test the Integration
After making the necessary changes, thoroughly test your integration to ensure that authentication and API requests function as expected under V2 authentication.
Reauthorize Merchant Accounts
Direct merchants to reauthorize in order to generate new access and refresh tokens under V2 authentication.