Developer docs for safe restaurant integrations.
Use scoped API keys, cursor pagination and signed webhooks to connect Limvero without bypassing tenant isolation or restaurant permissions.
Authentication
API keys are created inside the Restaurant Cabinet. The raw key is shown once, stored hashed on the backend and checked on every public API request. Use separate keys for separate systems so each integration can be rotated independently.
Read integration helpcurl https://api.limvero.com/api/v1/public/menu/items?limit=50 \
-H "Authorization: Bearer lv_live_REPLACE_WITH_YOUR_API_KEY"Developer materials
Public developer pages split overview, API reference, webhooks, changelog, sandbox and MCP boundaries so integrations can be reviewed without relying on hidden implementation notes.
API Reference
Implemented public endpoints, scopes, query limits, cursor pagination and response shape.
OpenAPI JSON
Machine-readable OpenAPI 3.1 document for implemented public endpoints only.
Webhooks
Webhook events, signature verification, retry behavior, destination safety and idempotent consumers.
Changelog
Public developer changelog policy, versioning, deprecation and breaking-change communication.
Sandbox and Staging
Safe integration rehearsal guidance without public production try-it or shared credentials.
MCP Integration
MCP boundary, available tools, input validation and shared Public API enforcement.
Scopes and endpoints
Public docs describe only implemented public API coverage. Write-heavy partner integrations, certified acquiring and provider-specific delivery sync remain separate integration work until contracted and implemented.
Available scopes
public.readBaseline read access for public API resources.
menu.readRead menu items with bounded cursor pagination.
orders.readRead tenant-scoped order lists with filters and pagination.
/api/v1/public/menu/itemsRead active menu items using explicit limit and cursor parameters.
Required scopes: public.read + menu.read
/api/v1/public/ordersRead order lists scoped to the API key tenant, with bounded filters and pagination.
Required scopes: public.read + orders.read
Pagination contract
List requests use explicit `limit` values and cursor tokens. Clients should process the current page, store the returned cursor and stop when the next cursor is empty.
{
"data": [{ "id": "menu_item_123", "name": "Pasta Verde" }],
"pagination": {
"nextPageToken": "menu_item_123",
"hasMore": true
}
}Errors and limits
Signed webhooks
Webhook endpoints are managed in Restaurant Cabinet. Limvero signs delivery payloads, retries failed events and blocks unsafe local/private destinations before storage and before delivery.
order.createdorder.updatedorder.sent_to_kitchenorder.paidorder.cancelledpayment.refundedpayment.voidedpayment.fiscal_receipt.recordedconst expected = hmacSha256(endpointSecret, rawRequestBody);
if (!constantTimeEqual(expected, limveroSignature)) {
throw new Error("Invalid Limvero webhook signature");
}
// Use event idempotency in your consumer:
// payment.refunded can be retried after delivery failures.MCP integration boundary
MCP tools use the same public API and domain services as other integrations. Tool arguments are validated before API calls and cannot bypass tenant scope, role permissions, API key scopes or backend business rules.
Plan a clean restaurant rollout.
Talk through locations, POS devices, kitchen workflow, menu migration, API needs and security review before launch.