> ## Documentation Index
> Fetch the complete documentation index at: https://developers.loyaltylion.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API keys

API keys can be used to authenticate with the LoyaltyLion API. Each API key has a unique token, set of permissions (scopes) and can be disabled or deleted at any time.

LoyaltyLion partners can use API keys to build integrations, but we recommend using [OAuth](/api-reference/authentication/oauth) instead as it offers an improved user experience for merchants.

## Create an API key

Sign in to your LoyaltyLion account and then go to `Manage > API keys`, then click `Create API key` and follow the steps to create a new API key with the permissions you need.

The API token will be displayed after creation; be sure to save it in a secure location as it cannot be seen again.

## Use an API key

To use an API key, pass it as a `Bearer` token in the `Authorization` header of your request.

```bash theme={null}
# access_token: pat_e1c752f1b5cd8b743148a586e573b679

curl \
  --header 'Authorization: Bearer pat_e1c752f1b5cd8b743148a586e573b679' \
  --header 'Content-Type: application/json' \
  --url 'https://api.loyaltylion.com/v2/customers'
```

## API key scopes

Each API key has a set of permissions (scopes) that determine the actions it can perform. These scopes can be changed at any time. In principle, you should only select the scopes you need.

Our webhooks API is available to all access tokens, but you can only create webhooks for resources permitted by the token's scope. For example, a token without any `*_customers` scopes will not be able to register a `customers/update` webhook.

| Scope                 | Description                                                                                                           |
| --------------------- | --------------------------------------------------------------------------------------------------------------------- |
| `read_customers`      | Read-only access to customers, including their points, tiers, rewards and activities. Doesn't include orders.         |
| `write_customers`     | Read and write access to customers. Can add and remove customer points, change tiers and trigger customer activities. |
| `read_unsubscribes`   | Read-only access to the loyalty email unsubscribes list and unsubscribes webhook                                      |
| `write_unsubscribes`  | Read and write access to the loyalty email unsubscribes list. Can add emails to the list.                             |
| `read_orders`         | Read-only access to orders.                                                                                           |
| `write_orders`        | Read and write access to orders. Can create, update and cancel orders.                                                |
| `write_configuration` | Modify program configuration, such as rules and rewards                                                               |
| `read_reviews`        | Read-only access to reviews.                                                                                          |
| `write_reviews`       | Read and write access to reviews. Can create, update and delete reviews.                                              |