
# How to Authenticate with the La Krème Restaurant API

> The Restaurant API requires a JWT Bearer token from your session. The Widget API is public — pass only your publicToken in the URL path.

Authentication works differently depending on which API surface you are using.

## Widget API — no authentication required

The Widget API is fully public. Every endpoint uses your `{publicToken}` directly in the URL path. This token identifies your restaurant and is safe to expose in client-side code.

```
GET https://api.lakreme.fr/api/v1/widget/{publicToken}/config
```

You do not need to send any headers or credentials. Anyone with your public token can call the Widget API, which is intentional — it powers your guest-facing booking page.

## Restaurant API — JWT Bearer token required

Every endpoint under `/api/v1/restaurant/` requires an `Authorization` header containing a valid JWT Bearer token. You obtain this token by signing in through La Krème's login flow. After a successful login, your session includes an `access_token` — this is the JWT you pass to the API.

### Sending your token

Include the token as a Bearer value in the `Authorization` header on every request:

```
Authorization: Bearer YOUR_JWT_TOKEN
```

### Example with curl

```bash
curl https://api.lakreme.fr/api/v1/restaurant/me \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
```

For requests with a body, also set the `Content-Type` header:

```bash
curl https://api.lakreme.fr/api/v1/restaurant/me \
  -X PATCH \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"accent_color": "#e85d4a"}'
```

## Token expiry

JWT tokens expire after a period of time. When your token expires, the API returns a `401 Unauthorized` response. Re-authenticate through La Krème's login flow to get a fresh token and retry the request.

## Error responses

| Status             | Meaning                                                                                                                                                 |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `401 Unauthorized` | Your token is missing, malformed, or expired. Re-authenticate to get a new token.                                                                       |
| `403 Forbidden`    | Your token is valid but you don't have permission to access this resource. This typically means the resource belongs to a different restaurant account. |
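
The token-expiry and error-table rules above, as an added Python example (not La Krème's own code). It assumes the `access_token` carries the standard `exp` claim from RFC 7519, which this page does not confirm; the function names, the 60-second margin and the sample token are constructed for illustration.

```python
import base64
import json
import time

def make_sample_token(exp):
    """Build a CONSTRUCTED token with a fake signature, for offline demonstration only."""
    def b64url(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"sub": "demo-user"} if exp is None else {"sub": "demo-user", "exp": exp}
    return ".".join([b64url({"alg": "HS256", "typ": "JWT"}), b64url(claims), "c2lnbmF0dXJl"])

def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds) or None if the token carries none.

    The signature is not verified: this is for client-side scheduling only,
    and the API remains the authority on whether the token is accepted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    return exp

def needs_reauth(token, now=None, skew=60):
    """True when the token expires within `skew` seconds (assumed margin)."""
    exp = jwt_expiry(token)
    if exp is None:
        return False  # cannot tell locally; rely on the API's 401
    return (time.time() if now is None else now) >= exp - skew

def next_action(status, already_retried=False):
    """Map a Restaurant API status to the client's next step."""
    if status == 401:
        # Expired, missing or malformed token: log in again, retry once only.
        return "give_up" if already_retried else "reauthenticate_and_retry"
    if status == 403:
        # Valid token, wrong account: a fresh token will not change the answer.
        return "do_not_retry"
    return "proceed"

if __name__ == "__main__":
    token = make_sample_token(exp=1_700_000_000)  # constructed sample value
    print(jwt_expiry(token), needs_reauth(token, now=1_699_999_970))
    print(next_action(401), next_action(401, already_retried=True), next_action(403))
```

Capping the `401` retry at one attempt keeps a client with a broken login from looping against the API, and the token itself should stay out of logs and error messages.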
