Everything that runs your business is accessible over a REST API. Menus, prices, allergens, orders, customers, loyalty, reporting. OAuth2 auth, webhooks for real-time events, no vendor lock-in on your data.
Your data. Your integrations. Your platform. Built for the groups and in-house tech teams who want to go further than a closed box lets them.
Pull orders, menus, customers, live metrics, loyalty, couriers, product catalogues, location config. Feed BI tools, dashboards, reconciliations and reports.
200 GET endpoints across 32 domains.
Update prices and allergens at scale. Create and edit products, modifiers, deals, vouchers, loyalty schemes, sales channels, location settings.
393 write endpoints across menu, pricing, customers, operations.
Webhooks fire on order and menu events. Push a new order into a BI pipeline the moment it's placed. Sync stock out to your warehouse. Trigger a courier.
OAuth2 auth, RFC 7807 errors, trace IDs on every response.
Every request is authenticated with an OAuth2 bearer token. All IDs are GUIDs. All endpoints are scoped to your organisation — you can't accidentally touch another operator's data.
Update pricing across variants, occasions (delivery, collection, dine-in, counter) and locations in a single call.
PUT /organizations/{organizationId}/products/{productId}/pricing
Authorization: Bearer <access_token>
Content-Type: application/json
{
"variants": [
{
"name": "Regular",
"prices": [
{ "occasion": "Delivery", "price": 9.50, "taxRate": 0.20 },
{ "occasion": "Collection", "price": 8.50, "taxRate": 0.20 },
{ "occasion": "DineIn", "price": 9.00, "taxRate": 0.20 }
]
}
]
}
Response — 202 Accepted
// Change is accepted asynchronously and propagates to every
// sales channel — website, kiosk, POS, aggregators — within seconds.
Add a product to your menu. Same endpoint for a main, a side, a dessert, or a drink — classification is via the product group.
POST /organizations/{organizationId}/products
Authorization: Bearer <access_token>
Content-Type: application/json
{
"name": "Garlic Bread",
"description": "Fresh-baked flatbread, garlic butter, parsley",
"productGroupId": "b5c7a0f4-3e2a-4c1d-8e11-2a9f4bd31c27"
}
Response — 202 Accepted
// The new product is created. Follow up with PUT /pricing to set prices,
// PUT /allergens to declare allergens, and PUT /availability to switch it on.
Declare allergens properly — Natasha's Law compliant. Every declaration is either Contains or MayContain, with an optional note.
PUT /organizations/{organizationId}/products/{productId}/allergens
Authorization: Bearer <access_token>
Content-Type: application/json
{
"allergens": [
{ "allergen": "Cereals", "assertion": "Contains", "note": "Wheat flour" },
{ "allergen": "Milk", "assertion": "Contains" },
{ "allergen": "Sesame", "assertion": "MayContain", "note": "Shared prep area" }
]
}
Supported allergens
// Celery, Cereals, Crustaceans, Egg, Fish, Lupins, Milk,
// Molluscs, Mustard, Nuts, Peanuts, Sesame, Soya, Sulphites
Pull today's sales split by channel — website, kiosk, POS, Uber Eats, Deliveroo, Just Eat. Ideal for a morning-standup dashboard or a live board display.
GET /organizations/{organizationId}/metrics/orders/channel
?TradingDays.NamedDateRange=Today
Authorization: Bearer <access_token>
Response — 200 OK
[
{
"salesChannel": "Website",
"occasions": [
{ "occasion": "Delivery", "orders": 142, "netSales": 3284.10 },
{ "occasion": "Collection", "orders": 71, "netSales": 1402.55 }
]
},
{
"salesChannel": "UberEats",
"occasions": [
{ "occasion": "Delivery", "orders": 58, "netSales": 1547.80 }
]
},
{
"salesChannel": "Kiosk",
"occasions": [
{ "occasion": "Counter", "orders": 34, "netSales": 612.20 }
]
}
]
List active orders in real time, or page through history. Drill into any order for lines, payments, timings and fulfilment status.
GET /organizations/{organizationId}/orders/live?LocationId={locationId}
Authorization: Bearer <access_token>
Page through recent orders
GET /organizations/{organizationId}/orders
?LocationId={locationId}
&StatusGroup=Active
&Page=1
&PageSize=50
Authorization: Bearer <access_token>
Fetch one order in detail
GET /organizations/{organizationId}/orders/{id}
Authorization: Bearer <access_token>
// Returns the full order — reference, customer, address, lines,
// modifiers, deals, payments, status history, make-time, ready-time,
// dispatch-time, delivered-time, driver assignment, courier, receipts.
Want to push orders in or manage dispatch over API? That's available too — just talk to us about the use case and we'll send the full docs.
Six deep-dives — every page carries real endpoint paths, request and response JSON, and practical patterns for the integrations our customers build most often.
Auth, environments, your first API call, error handling, rate limits.
Products, modifiers, variants, prices by occasion, allergens, deals.
Live orders, history, refunds, lines, payments, status, webhooks.
Profiles, loyalty tier progress, marketing segments, feedback.
Sales by channel, product mix, cash reconciliation, BI exports.
Webhooks, courier bookings, payment devices, signed payloads.
Andromeda uses standard OAuth2 and OpenID Connect. Your organisation is issued a client and secret; you exchange them for a short-lived access token and include it as a Bearer header on every call. Tokens scope automatically to your organisation and to the locations your user is permitted to see — there is no way to reach another operator's data.
POST https://portal-identity.azurewebsites.net/connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=<your_client_id>
&client_secret=<your_client_secret>
&scope=andromeda-api
All errors follow RFC 7807 — predictable shape, trace ID for support, no guessing.
Our customers use the API to pipe live sales into Power BI and Looker, reconcile payments into Xero, sync stock out to their warehouse system, automate price changes across hundreds of sites, plug loyalty data into email platforms, and feed bespoke franchisee dashboards.
Papa Johns UK runs over 400 sites on Andromeda. Founded in 1998, we've been building for restaurant groups longer than most of our competitors have existed. The API is how chains at that scale stay in control of their own data.
Yes. Every integration starts against our test environment at test-portal-api.azurewebsites.net (writes) and test-portal-queries-api.azurewebsites.net (reads). You get a non-production organisation, test data and a separate client credential. Promotion to production is a config change, not a code change.
The Andromeda Portal API is on OpenAPI 3.1 with additive changes as the default and semantic deprecation for breaking changes. We publish the spec directly from the running services, so it's always in sync with what the API actually does.
Yes, per-organisation rate limits apply to protect platform stability. Standard limits suit every integration we've seen. Enterprise groups with unusual throughput requirements get bespoke limits — just talk to us.
Order lifecycle (received, accepted, prepared, ready, dispatched, delivered, cancelled, refunded), menu sync events, and customer events. Webhooks are signed — you verify the signature on receipt so only Andromeda can deliver them.
Yes, but it's a conversation not a self-serve feature — pushing orders in means routing them through the POS, kitchen and payment flow correctly. Talk to us about the channel you want to build and we'll walk through the right way to wire it up.
Today, full Swagger is available against the test environment with your credentials. We're preparing a public developer docs site at docs.andromeda.uk — if you're working on an integration now, tell us and we'll give you access direct.
Tell us what you want to integrate with and we'll get you credentials, docs and a technical contact.
Talk to our team