Marketing API Authentication
The Marketing reporting API uses a Breesy-issued bearer token.
Authentication Model
- Breesy issues the token directly to the integration team
- The client does not call a token exchange endpoint
- One service account can have access to multiple granted franchises
- Each issued token expires after 24 months
Example Header
Authorization: Bearer marketing_live_01hzk7r8k3qf4b2n9v6m1x5wExpiration And Renewal
Tokens are valid for 24 months.
When a token expires, the integration team must obtain a newly issued token from Breesy before continuing to call the API.
Access Rules
Each token is tied to a service account and a franchise allowlist.
franchise_idmust be granted to that tokenlocation_id, when supplied, must belong to the requested granted franchise
Expected Auth Errors
| Status | Meaning |
|---|---|
401 | Missing, invalid, or expired bearer token |
403 | Token is valid, but the requested franchise or location is not allowed |