Authentication
The API uses Bearer JWT tokens for authentication. Obtain a token using client credentials, then include it in the Authorization header of all subsequent authenticated requests.
Get Access Token
Obtain a JWT access token using client credentials. This token is required for all authenticated endpoints.
This endpoint does not require an existing token — it is used to obtain one.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| clientId | string | required | Your client identifier issued by the platform. Contact the HD team to obtain one. |
| clientSecret | string | required | Your client secret issued by the platform. Contact the HD team to obtain one. |
Request Example
{
  "clientId": "your-client-id",
  "clientSecret": "your-client-secret"
}
Response
Returns a JWT access token on success.
Response Example
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 1800
}
Using the Token
Pass the token as a Bearer token in the Authorization header on every authenticated request:
Authorization: Bearer <token>
Full Header Example
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
Tokens expire after 1800 seconds (30 minutes). If you receive a 401 Unauthorized response, re-authenticate by calling POST /ret11/auth/token again to obtain a fresh token.
Every other API endpoint, including discovery (nearby restaurants, menu), cart, orders, ONDC transactions, and user management, requires a valid Bearer token. The token endpoint itself is the only exception.
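The token lifecycle described above (obtain, reuse until expiry, re-authenticate on 401) can be wrapped in a small client-side helper. This is an added example, not code from the platform: `BASE_URL` is a placeholder because the page does not give a host, and the `Content-Type` header, the 60-second renewal margin, and the names `TokenManager`, `http_fetch_token` and `send` are assumptions.

```python
import json
import time
import urllib.request

TOKEN_PATH = "/ret11/auth/token"          # endpoint named on this page
BASE_URL = "https://api.example.invalid"  # placeholder: host is not given on the page


def http_fetch_token(client_id, client_secret):
    """POST the client credentials as JSON and return the parsed response."""
    body = json.dumps({"clientId": client_id, "clientSecret": client_secret}).encode()
    req = urllib.request.Request(BASE_URL + TOKEN_PATH, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})  # assumed
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:
    """Caches the access token and renews it shortly before expires_in elapses."""

    def __init__(self, client_id, client_secret, fetch=http_fetch_token,
                 clock=time.monotonic, skew=60):
        self._creds = (client_id, client_secret)
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._deadline = None, 0.0

    def token(self, force=False):
        if force or self._token is None or self._clock() >= self._deadline:
            data = self._fetch(*self._creds)
            if data.get("token_type") != "Bearer" or not data.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = data["access_token"]
            # Renew `skew` seconds early so a request never leaves with a stale token.
            self._deadline = self._clock() + int(data["expires_in"]) - self._skew
        return self._token

    def call(self, send):
        """send(headers) -> (status, body). Retries exactly once with a fresh token on 401."""
        status, body = send({"Authorization": "Bearer " + self.token()})
        if status == 401:
            status, body = send({"Authorization": "Bearer " + self.token(force=True)})
        return status, body

    def __repr__(self):  # keep the secret and the token out of logs and tracebacks
        return "<TokenManager token=%s>" % ("set" if self._token else "unset")
```

Load `clientSecret` from a secret store or environment variable rather than source code, and keep the single-retry limit so a revoked credential does not turn into a loop of token requests.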