Developer DocsREST APIWebhooks

Svarly Integration API

Build against Svarly to sync tickets, menus, analytics, team workflows, and webhook-driven events for restaurant operations.

Reference

API Endpoints

Full endpoint catalog with auth, request examples, and responses.

Events

Webhook Guide

Event types, payload formats, signature verification, and retries.

Overview

JSON-first REST API with tenant-scoped data.
Webhook-driven architecture for telephony, billing, and SMS workflows.
Built for operational reliability with idempotent-safe patterns and queue-backed processing.

Base URL & Versioning

Base URL: https://svarly.se/api

Current public API version: v1 (implicit)

Backward-compatible changes are released without path changes. Breaking changes are introduced under explicit versioned routes (for example /api/v2).

Authentication

Tenant session auth

Dashboard/user endpoints require an authenticated tenant session (cookie or bearer token).

Webhook signatures

Provider callbacks (Stripe/Vonage) must include a valid signature/authorization header.

Kitchen token auth

Kitchen flow endpoints require x-kitchen-token tied to a specific tenant.

Rate limits

POST /api/sms/ready: 10 requests / 15 minutes per IP.
GET|POST /api/gdpr/export and POST /api/gdpr/delete: GDPR-specific throttling per tenant + IP.
GET /api/kitchen/:token: 10 requests / minute per IP (anti-bruteforce).
Responses may include 429 with a Retry-After header.