Olo

Olo Ordering API

The Olo Ordering API is the platform's flagship order-injection surface, enabling certified partner apps, branded restaurant clients, and white-label storefronts to push custom orders, baskets, and payment authorizations into Olo's network of 90,000+ restaurant locations. The API covers menu retrieval, basket construction, basket validation, fulfillment options (pickup, curbside, dine-in, delivery), gift cards, coupons, loyalty redemption, and order submission. Requests are signed with HMAC-based signature authorization; sandbox credentials are issued through the Olo Developer Portal after partner certification.

Documentation GitHub OpenAPI

OpenAPI Specification

openapi: 3.1.0
info:
  title: Olo Ordering API
  description: >-
    The Olo Ordering API is the platform's order-injection surface, enabling
    certified partner apps and branded restaurant clients to retrieve brand and
    menu data, build and validate baskets, and submit orders into Olo's network of
    restaurant locations. Requests are authorized with an HMAC-SHA256 signature
    over a canonical message (client id, HTTP verb, content type, base64 SHA-256 of
    the body, path and query, and the Date header), sent in the Authorization header
    as "OloSignature {clientId}:{signature}" alongside an RFC 1123 Date header.
    Sandbox credentials are issued through the Olo Developer Portal after partner
    certification. The operations documented here are sourced from Olo's official
    signature-authorization code samples (github.com/ololabs/dev-support-code-samples).
    The full reference is gated behind the Olo Developer Portal.
  version: '1.1'
  contact:
    name: Olo Developer Support
    url: https://developer.olo.com/
externalDocs:
  description: Olo Developer Portal
  url: https://developer.olo.com/
servers:
  - url: https://ordering.api.olosandbox.com
    description: Olo Ordering API sandbox
  - url: https://ordering.api.olo.com
    description: Olo Ordering API production
security:
  - OloSignature: []
tags:
  - name: Brand
    description: Brand-level configuration and metadata
  - name: Users
    description: Guest account lookups
  - name: Rails
    description: Marketplace Rails partner export and order injection operations
paths:
  /v1.1/brand:
    get:
      tags:
        - Brand
      summary: Get Brand
      description: Retrieve configuration and metadata for the brand associated with the authenticated partner credentials.
      operationId: getBrand
      responses:
        '200':
          description: Brand configuration and metadata.
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /v1.1/users/exists:
    post:
      tags:
        - Users
      summary: Check User Exists
      description: Check whether a guest account already exists for a given email address.
      operationId: checkUserExists
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                  format: email
                  description: The email address to check for an existing guest account.
              required:
                - email
      responses:
        '200':
          description: Whether a user exists for the supplied email.
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /v1.1/vendorexport/status:
    get:
      tags:
        - Rails
      summary: Get Vendor Export Status
      description: Retrieve the status of the Rails vendor (restaurant) export for the authenticated marketplace partner.
      operationId: getVendorExportStatus
      responses:
        '200':
          description: The vendor export status.
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /v1.1/baskets/create:
    post:
      tags:
        - Rails
      summary: Create Basket
      description: Create a new basket for a vendor (restaurant) location to begin assembling an order for injection.
      operationId: createBasket
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                vendorid:
                  type: integer
                  description: The Olo vendor (restaurant) identifier the basket is created for.
              required:
                - vendorid
      responses:
        '200':
          description: The created basket.
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  securitySchemes:
    OloSignature:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        HMAC-SHA256 signature authorization. The signed message is the newline-joined
        concatenation of clientId, HTTP verb, content type, base64-encoded SHA-256 hash
        of the request body, path and query, and the RFC 1123 timestamp. The result is
        base64-encoded and sent as "OloSignature {clientId}:{signature}" in the
        Authorization header, with the matching timestamp in the Date header.
  responses:
    Unauthorized:
      description: The request signature was invalid or missing.

Olo Ordering API

Documentation

Specifications

Code Examples

Examples

Other Resources

OpenAPI Specification