Search in documentation
ctrl+4K
Modules
Authentication
Merchant
Catalog
Order
Events
Logistics
Shipping
Review
Financial
Solutions
Authentication
This authentication flow is for centralized applications that:
  • Operate in internal/private environments
  • Are not directly accessible from the internet
  • Are capable of securely storing the secret key on their server
Example: Servers in private VPC consuming iFood APIs to expose their own services.
Tokens cannot exceed 8,000 characters. Ensure your integration provides adequate storage for these tokens.

Get credentials and tokens

  1. Access your credentials
    • Open the Developer Portal
    • Navigate to My Apps > Application credentials
    You will find:
    • _clientId_ Unique identifier of your application
    • _clientSecret_ Key for obtaining access tokens. Store securely and never expose.
  2. Request the access tokenUse the clientId and clientSecret from your application to request an access token through the Authentication API.
  3. Use the received token The API returns the access token needed to consume our APIs.
    Centralized applications do not receive refresh tokens. Check our FAQ for more information.
  4. Access the resourcesInclude the token in requests to iFood APIs using Bearer-type HTTP authentication.

Practical implementation

The video below demonstrates the implementation of the application credential flow for centralized applications:
Was this page helpful?
Rate your experience in the new Developer portal:
On this page
Get credentials and tokens
Practical implementation
Content read0%