Authentication
Token & secret (deprecated)
Token and secret authentication is deprecated and should not be used for
authentication with the API, and will only be supported until January 10, 2027.Please migrate your authentication to API keys,
which provide scoped access to your LoyaltyLion account and can be easily disabled and rotated.
token as the username, and the secret as the password. For example, using cURL:
Migrating to API keys
Merchants
If you’re a merchant using the LoyaltyLion API, simply create a new API key in your LoyaltyLion account and use it instead of your token and secret.LoyaltyLion partners
If you’re a LoyaltyLion partner and are only using OAuth to authenticate with
our API, you do not need to do anything
1
Update your setup guides and documentation
Update any merchant-facing setup guides and documentation so it requests an API key from the merchant instead of a token and secret. If you aren’t sure which API scopes you need to ask for, let us know.
2
Update your backend code to use API keys
Update your backend code where you’re calling the LoyaltyLion API, so it can
authenticate using an API key.Note that, for a transition period, you’ll need to support both forms of authentication,
as you’ll likely have some merchants still using token and secret, and newer
merchants using API keys.
3
Update all existing merchant integrations with API keys
Finally, you’ll need to update all existing merchant integrations to have an API
key instead of a token and secret.To do this quickly and easily, you can provide us with a list of LoyaltyLion token & secret pairs
that you have, and we’ll create and provide a suitable API key for each, which you can
then begin using immediately.To do this, email us at support@loyaltylion.com,
indicating that you’re a LoyaltyLion partner and would like to migrate to API keys.
Do not include any token or secret pairs in your email.