API keys can be used to authenticate with the LoyaltyLion API. Each API key has a unique token, set of permissions (scopes) and can be disabled or deleted at any time. LoyaltyLion partners can use API keys to build integrations, but we recommend using OAuth instead as it offers an improved user experience for merchants.

Create an API key

Sign in to your LoyaltyLion account and then go to Manage > API keys, then click Create API key and follow the steps to create a new API key with the permissions you need. The API token will be displayed after creation; be sure to save it in a secure location as it cannot be seen again.

Use an API key

To use an API key, pass it as a Bearer token in the Authorization header of your request. 
# access_token: pat_e1c752f1b5cd8b743148a586e573b679

curl \
  --header 'Authorization: Bearer pat_e1c752f1b5cd8b743148a586e573b679' \
  --header 'Content-Type: application/json' \
  --url 'https://api.loyaltylion.com/v2/customers'

API key scopes

Each API key has a set of permissions (scopes) that determine the actions it can perform. These scopes can be changed at any time. In principle, you should only select the scopes you need. Our webhooks API is available to all access tokens, but you can only create webhooks for resources permitted by the token’s scope. For example, a token without any *_customers scopes will not be able to register a customers/update webhook.
ScopeDescription
read_customersRead-only access to customers, including their points, tiers, rewards and activities. Doesn’t include orders.
write_customersRead and write access to customers. Can add and remove customer points, change tiers and trigger customer activities.
read_unsubscribesRead-only access to the loyalty email unsubscribes list and unsubscribes webhook
write_unsubscribesRead and write access to the loyalty email unsubscribes list. Can add emails to the list.
read_ordersRead-only access to orders.
write_ordersRead and write access to orders. Can create, update and cancel orders.