Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.everybite.com/llms.txt

Use this file to discover all available pages before exploring further.

Menu data is valuable. It represents a restaurant’s brand, pricing strategy, and competitive positioning. It also powers limited-time offers, regional variations, and location-specific pricing. EveryBite’s access levels give restaurants complete control over who can access their data, what information they can see, and who can update it. A chain with different menus in the South? Supported. A franchisee who manages their own LTOs? No problem. A parent company that needs visibility across all brands? Built in.

Why Access Levels Matter

Restaurant ownership structures are complex. A single restaurant, a regional franchise group, and a global brand parent company all have different needs—and different rights to the data. Consider a parent company like Yum! Brands. They own Taco Bell, KFC, and Pizza Hut. A technology partner building an app for Yum! needs access to all three chains. But a franchisee building a local ordering app should only see their own locations. And a third-party delivery service partnering with one KFC location shouldn’t see data from the location across town. EveryBite’s access levels mirror these real-world relationships:
LevelWho Uses ItWhat They See
RestaurantSingle locations, franchiseesOne location’s menus
ChainRestaurant chains, regional groupsAll locations in the chain
BrandParent companies, enterprise partnersAll chains under the brand
This structure ensures:
  • Chains maintain consistency while allowing regional variation
  • Parent companies get portfolio-wide visibility without exposing individual operator data
  • Third-party partners access only what they’ve been explicitly granted

API Keys

Your API key is your credential for accessing menu data. Each key is scoped to a specific level in the restaurant hierarchy based on your relationship with the brand. Authentication is done by setting the Authorization header to the raw API key value. The value starts with pk_. Do not add a Bearer prefix. 
# Include your API key in the Authorization header
Authorization: pk_YWJjMTIzLWRlZjQ1Ni03ODkw.x9Kj2mNpQrStUvWxYz
If you are testing requests in the docs explorer or directly against https://api.everybite.com/graphql, set:
  • Header name: Authorization
  • Header value: pk_YOUR_API_KEY
Paste only the raw pk_... value into the auth or headers tab.

Key Types

For: Single-location restaurants or franchiseesAccess: One restaurant location and its menus

Getting Your Key

Coming Soon — We’re rolling out developer sandbox access. Contact us to join the early access waitlist.
Once approved, you’ll receive API credentials through our partner onboarding process. Your key identifies which restaurant brand’s menu data your application can access.
Keep your API key secure. Do not expose it in client-side code or public repositories. Always proxy API requests through your backend.

Environments

EnvironmentBase URLStatus
Sandboxhttps://api.everybite.com/graphqlComing soon
Productionhttps://api.everybite.com/graphqlPartner access
Sandbox access is rolling out to early partners. Contact us to join the waitlist.

Session-Based Context

All guest context is bound to the session when you call startSession. This includes:
  • Chain & Location — Which restaurant and location
  • Platform — Touchpoint: IOS, ANDROID, WEB, KIOSK, POS, VOICE
  • Guest Identity — Your guest ID or loyalty ID
  • Passport — EveryBite Passport ID, if they have one
Once the session is created, your runtime API calls only need three headers: 
curl -X POST https://api.everybite.com/graphql \
  -H "Authorization: pk_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Session-ID: sess_7f3a9c2e-8b1d-4e5f-a6c0-9d2e8f1a3b5c" \
  -d '{"query": "..."}'

EveryBite Passport

If a guest has an EveryBite Passport, include their passportId when starting the session. This loads their saved dietary preferences automatically—no need to pass filters manually. See the Quickstart for complete session and header examples.

Rate Limits

Key TypeRequests/minuteRequests/day
Restaurant6010,000
Chain300100,000
Brand1,000Unlimited
Rate limit headers are included in every response: 
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 297
X-RateLimit-Reset: 1703001600

Error Codes

CodeMeaningSolution
INVALID_API_KEYKey is malformed or expiredCheck your key, request a new one if expired
UNAUTHORIZED_ACCESSKey doesn’t have access to requested dataVerify your key’s access level
RATE_LIMITEDToo many requestsSlow down, implement backoff
KEY_REVOKEDKey has been revokedContact support