Token and secret authentication is deprecated and should not be used for
authentication with the API, and will only be supported until January 10, 2027.Please migrate your authentication to API keys,
which provide scoped access to your LoyaltyLion account and can be easily disabled and rotated.
The LoyaltyLion API supports Basic Authentication as defined in RFC2617 using your token and secret. These can be found in your LoyaltyLion settings.Use the token as the username, and the secret as the password. For example, using cURL:
If you’re a LoyaltyLion partner and are only using OAuth to authenticate with
our API, you do not need to do anything
If you’re a LoyaltyLion partner using token and secret authentication, you will need to
do the following before January 10, 2027. Alternatively, you can migrate to
using OAuth instead.
1
Update your setup guides and documentation
Update any merchant-facing setup guides and documentation so it requests an API key
from instead of a token and secret. If you aren’t sure which API scopes you need to ask for,
let us know
2
Update your backend code to use API keys
Update your backend code where you’re calling the LoyaltyLion API, so it can
authenticate using an API key.Note that, for a transition period, you’ll need to support both forms of authentication,
as you’ll likely have some merchants still using token and secret, and newer
merchants using API keys.
3
Update all existing merchant integrations with API keys
Finally, you’ll need to update all existing merchant integrations to have an API
key instead of a token and secret.To do this quickly and easily, you can provide us with a list of LoyaltyLion token & secret pairs
that you have, and we’ll create and provide a suitable API key for each, which you can
then begin using immediately.To do this, email us at support@loyaltylion.com,
indicating that you’re a LoyaltyLion partner and would like to migrate to API keys.
Do not include any token or secret pairs in your email.