> ## Documentation Index
> Fetch the complete documentation index at: https://help.vori.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect to the Vori REST API

> Get a bearer token and call api.vori.com to pull your store's data programmatically.

The Vori REST API lets grocers pull data like store products programmatically. All requests go to `https://api.vori.com`, and full endpoint-level documentation — including every available field and parameter — is published at [api.vori.com/api](https://api.vori.com/api).

## Get a bearer token

<Note>
  If you or the integration consuming this API only need to read data, create a user with the **Read-only** role at the banner level and authenticate with that account instead of a full-access one. This avoids errors from write attempts you didn't anticipate needing, and limits the blast radius if the credentials are mishandled.
</Note>

Every API request must include a bearer token in the `Authorization` header. Get one by exchanging your Vori login email and password for a token via Google's Identity Toolkit:

<Steps>
  <Step title="Request a token">
    Send a `POST` request to:

    ```
    https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=AIzaSyBetj86Hkh--jwfI3gjF_m7qig9cVLlHdM
    ```

    with a JSON body containing your Vori credentials:

    ```json theme={null}
    {
        "email": "{{authEmail}}",
        "password": "{{authPassword}}",
        "returnSecureToken": true
    }
    ```

    Example using `curl`:

    ```bash theme={null}
    curl -X POST \
      "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=AIzaSyBetj86Hkh--jwfI3gjF_m7qig9cVLlHdM" \
      -H "Content-Type: application/json" \
      -d '{
        "email": "your-email@example.com",
        "password": "your-password",
        "returnSecureToken": true
      }'
    ```
  </Step>

  <Step title="Extract the token">
    The response is a JSON object that includes an `idToken` field. This is your bearer token — use it in the `Authorization` header of subsequent requests to `https://api.vori.com`:

    ```
    Authorization: Bearer <idToken>
    ```
  </Step>
</Steps>

<Note>
  Tokens expire after an hour, so you'll need to repeat this exchange periodically rather than hardcoding a token indefinitely.
</Note>

### Use the refresh token instead of re-authenticating

The `verifyPassword` response also includes a `refreshToken` field. Instead of resending your email and password every hour, exchange that refresh token for a new `idToken` via Google's secure token endpoint:

```
https://securetoken.googleapis.com/v1/token?key=AIzaSyBetj86Hkh--jwfI3gjF_m7qig9cVLlHdM
```

with a JSON body:

```json theme={null}
{
    "grant_type": "refresh_token",
    "refresh_token": "{{refreshToken}}"
}
```

Example using `curl`:

```bash theme={null}
curl -X POST \
  "https://securetoken.googleapis.com/v1/token?key=AIzaSyBetj86Hkh--jwfI3gjF_m7qig9cVLlHdM" \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "refresh_token",
    "refresh_token": "your-refresh-token"
  }'
```

The response contains a new `id_token` (your bearer token) and a new `refresh_token` — store the new refresh token for the next exchange, since the old one may be rotated.

<Note>
  This uses Google Identity Toolkit's standard secure token exchange rather than a Vori-specific endpoint. Verify the response field names (`id_token`, `refresh_token`) against what you receive, since Google's REST API is documented outside of Vori's own docs.
</Note>

## Example: retrieve store products

Once you have a bearer token, call `/v1/store-products` to retrieve your store's products:

```bash theme={null}
curl -X GET "https://api.vori.com/v1/store-products" \
  -H "Authorization: Bearer <idToken>" \
  -H "Content-Type: application/json"
```

This returns the store products associated with your account. For the full list of supported query parameters, filters, and the shape of the response payload, see the live endpoint reference at [api.vori.com/api](https://api.vori.com/api).

## Next steps

Browse [api.vori.com/api](https://api.vori.com/api) for the complete catalog of available endpoints beyond store products — the same bearer token from the steps above works across all of them.


## Related topics

- [Connect to Vori MCP (mcp.vori.com)](/apis-and-ai-tools/connect-to-vori-mcp.md)
- [Troubleshoot Camera Scanner Connection Issues with the VoriOS app](/hardware-and-peripherals/handheld-and-mobile-devices/troubleshoot-camera-scanner-connection-issues-with-the-vori-os-app.md)
- [Troubleshoot Handheld Barcode Scanner Connectivity](/hardware-and-peripherals/cashier-handheld-scanner-and-countertop-scale/troubleshoot-handheld-barcode-scanner-connectivity.md)
