Authentication
API keys
API keys can be used to authenticate with the LoyaltyLion API. Each API key has a unique token, set of permissions (scopes) and can be disabled or deleted at any time.
LoyaltyLion partners can use API keys to build integrations, but we recommend using OAuth instead as it offers an improved user experience for merchants.
Create an API key
Sign in to your LoyaltyLion account and then go toManage > API keys, then click Create API key and follow the steps to create a new API key with the permissions you need.
The API token will be displayed after creation; be sure to save it in a secure location as it cannot be seen again.
Use an API key
To use an API key, pass it as aBearer token in the Authorization header of your request.
API key scopes
Each API key has a set of permissions (scopes) that determine the actions it can perform. These scopes can be changed at any time. In principle, you should only select the scopes you need. Our webhooks API is available to all access tokens, but you can only create webhooks for resources permitted by the token’s scope. For example, a token without any*_customers scopes will not be able to register a customers/update webhook.
| Scope | Description |
|---|---|
read_customers | Read-only access to customers, including their points, tiers, rewards and activities. Doesn’t include orders. |
write_customers | Read and write access to customers. Can add and remove customer points, change tiers and trigger customer activities. |
read_unsubscribes | Read-only access to the loyalty email unsubscribes list and unsubscribes webhook |
write_unsubscribes | Read and write access to the loyalty email unsubscribes list. Can add emails to the list. |
read_orders | Read-only access to orders. |
write_orders | Read and write access to orders. Can create, update and cancel orders. |
write_configuration | Modify program configuration, such as rules and rewards |