API Managed Users

API Managed Users is a feature that allows external systems to create, view, and update user information in Restaurant365 (R365) using the Public API. This functionality is ideal for organizations who need to integrate R365 user data into their own systems and manage user records programmatically.

Key Functionality

API Access allows developers to:

• View existing users (User GET)

  • Returns existing users and includes their general information, user roles, report roles, and location access.

• View existing User Roles (User Role GET)

  • Returns existing User Roles and their IDs, but does not include the assigned permissions.

• View existing Report Roles (Report Role GET)

  • Returns existing Report Roles and their IDs, but does not include the assigned reports.

• Update existing users (User PATCH)

  • Updates existing users including updates to their general information, user roles, report roles and location access.

• Create new users (User POST)

  • Creates new user records and sets the values for their general information, user roles, report roles and location access.

Setup Requirements

To manage users via API, the following must be in place:

• API access and authentication to R365 Public API.

• User creation and update requests must include:

  • Username

  • Email

  • Default Location (as a GUID)

  • Assigned User Role ID

• For reporting access, appropriate reporting roles must be assigned.

• Developers must implement paging for large datasets and avoid overloading the system with frequent or overly broad queries.

API User Permissions

Enable or disable edits in R365 for API managed users on the API User Permissions tab of Security & Permissions.

When enabled, API managed users can be updated in R365 or via API.

When disabled, API managed users can only be updated via API.

API Behavior Notes

• If a user has allLocationAccess = true, location details will not be returned in the user data.

• If allReportsAcess = true, report role details will not be returned.

• When no external locations are assigned, the externallocations array will be omitted (not returned as empty).

  • External locations only apply to corporate brand owners who use Brand Manager and are linked to franchisee instances.

    This field is not applicable to organizations outside of this configuration.

• Duplicate users (email or username match) will result in a conflict error (409).

• Invalid or missing data (e.g., malformed email, missing roles) will return appropriate validation errors.

Brand Considerations

For corporate brand instances using Brand Manager, the ManagedByBrand value is automatically assigned based on the brand linked to the instance. This ensures all API-created users are correctly associated and managed under their brand.

Corporate Instances

Security & Permissions

The API User Permissions tab of the Security & Permissions page is always included in corporate instances. When a corporate instance is connected to multiple brands, the option to allow or restrict edits to API managed users in R365 is set by brand in the API User Permissions tab.

For franchisee instances linked to a corporate brand, the decision to allow edits is determined at the brand level. The brand toggle is only editable from the corporate instance. In each linked instance, the toggle appears but is read-only, as only the corporate instance can manage brand-level settings.

Franchisees Instances

For franchisees connected to a brand, edit access for API managed users is controlled at the brand level. The toggle appears in franchisee instances but is read-only—only the corporate instance can manage this setting.

API-managed users associated with a brand will display the managing brand on their user record.

Organizations using the brand connector will see: ‘User managed by [Brand Name]’ on pages where user access is managed. This label indicates the user is managed at the brand level and cannot be edited within the instance.