Skip to content
Breesy Documentation

Marketing API Authentication

The Marketing reporting API uses a Breesy-issued bearer token.

Base URL

Use the Breesy API domain for all requests:

https://api.breesy.app

Authentication Model

  • Breesy admins issue the token from the Breesy admin console and provide it directly to the integration team
  • The client does not call a token exchange endpoint
  • One service account can have access to multiple granted franchises
  • Each issued token expires after 24 months
  • Tokens are shown once at creation; Breesy stores only a hash and a non-secret key prefix for identification

Example Header

Authorization: Bearer <api_token>

Expiration And Renewal

Tokens are valid for 24 months.

When a token expires, the integration team must obtain a newly issued token from Breesy before continuing to call the API.

If a token is compromised or no longer needed, Breesy can revoke it from the admin console. Revoked tokens stop working immediately.

Access Rules

Each token is tied to a service account and a franchise allowlist.

  • Use /marketing/franchises to fetch the franchise IDs granted to the token
  • franchise_id must be granted to that token
  • location_id, when supplied, must belong to the requested granted franchise

Expected Auth Errors

StatusMeaning
401Missing, invalid, or expired bearer token
403Token is valid, but the requested franchise or location is not allowed