> ## Documentation Index
> Fetch the complete documentation index at: https://developers.loyaltylion.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Create WebView Session
Required scopes: `write_customers`
This endpoint has a rate limit of 100 requests per second
Create a short-lived WebView session for a site. This session includes a URL that
can be used to [render an embedded Loyalty Page in a WebView](/sdk/webviews/render-in-webview).
If you have an authenticated customer, you can include their ID and email when
creating the session. This will allow rendering a WebView with a customer context,
allowing the customer to view their points and redeem rewards.
You must only include a customer when generating an WebView session if you
have already authenticated them in your app, i.e. using Shopify's own
authentication, or multipass.
## OpenAPI
````yaml /api-reference/v2/openapi.json POST /v2/sites/{site_id}/webviews/sessions
openapi: 3.1.1
info:
title: LoyaltyLion Admin API
version: v2
servers:
- url: https://api.loyaltylion.com
security: []
tags:
- name: identity
- name: activities
- name: orders
- name: transactions
- name: customers
- name: webhooks
- name: emails
- name: sites
- name: reviews
- name: rewards
- name: integrations
- name: gatsby
paths:
/v2/sites/{site_id}/webviews/sessions:
post:
tags:
- sites
operationId: sites.createWebviewSession
parameters:
- name: site_id
in: path
required: true
schema:
type: number
requestBody:
description: Body
content:
application/json:
schema:
$ref: '#/components/schemas/SitesCreateWebviewSessionRequestBody'
responses:
'201':
description: '201'
content:
application/json:
schema:
$ref: '#/components/schemas/SitesCreateWebviewSessionResponseBody'
'400':
$ref: '#/components/responses/ClientErrorBadRequest'
'401':
description: '401'
content:
application/json:
schema:
type: object
properties:
error:
type: object
properties:
message:
type: string
details:
type: object
propertyNames:
type: string
additionalProperties:
type: string
required:
- message
additionalProperties: false
required:
- error
additionalProperties: false
'403':
description: '403'
content:
application/json:
schema:
type: object
properties:
error:
type: object
properties:
message:
type: string
details:
type: object
propertyNames:
type: string
additionalProperties:
type: string
required:
- message
additionalProperties: false
required:
- error
additionalProperties: false
'404':
description: '404'
security:
- ProgramApiKey:
- write_customers
- SiteTokenSecret: []
components:
schemas:
SitesCreateWebviewSessionRequestBody:
type: object
properties:
channel:
description: >-
The name of your app. Can contain only alphanumeric characters, dots
and underscores
type: string
minLength: 2
pattern: ^[-a-zA-Z0-9_.]+$
language:
example: en
description: >-
The current language as an `ISO 639-1` code, e.g. `en`. If language
is not provided or is not supported by this site, the default
language will be used instead
type: string
currency:
example: usd
description: >-
The current currency as an `ISO 4217` currency code, e.g. `usd`. If
currency is not provided or is not supported by this site, the
default currency will be used instead
type: string
customer:
description: >-
Customer to include in the resulting WebView content. If included,
the rendered webview will be scoped to this customer. This means the
customer will be able to see their points and redeem rewards
type: object
properties:
merchant_id:
example: '1000001'
description: ID of the customer in your platform or ecommerce store
type: string
email:
example: alice@example.com
type: string
required:
- merchant_id
- email
additionalProperties: false
required:
- channel
additionalProperties: false
SitesCreateWebviewSessionResponseBody:
type: object
properties:
webview_session:
description: >-
The created session, which includes a URL that can be used as the
source for a WebView
type: object
properties:
url:
example: https://platform.loyaltylion.com/webview/f7bd16c
description: >-
Full URL that can be used as the source for a WebView to render
a complete Loyalty Page for the site. This URL should be
rendered immediately and not cached, as it will expire
type: string
expires_at:
example: '2025-03-03T00:00:00Z'
description: >-
`ISO 8601` timestamp indicating when the WebView session and its
URL will expire. Using an expired URL to render a WebView will
result in an error
type: string
required:
- url
- expires_at
additionalProperties: false
required:
- webview_session
additionalProperties: false
responses:
ClientErrorBadRequest:
description: Bad Request
content:
application/json:
schema:
type: object
properties:
error:
type: object
properties:
message:
type: string
details:
type: object
additionalProperties:
type: string
required:
- message
required:
- error
securitySchemes:
ProgramApiKey:
type: http
scheme: bearer
description: >-
An API key linked to a Program in LoyaltyLion, with a set of permissions
(scopes). API keys can be created manually, or acquired through an
OAuth2 flow. The API key should be provided as a `Bearer` token in the
`Authorization` header
SiteTokenSecret:
type: http
scheme: basic
description: >-
[DEPRECATED] Authenticate using a LoyaltyLion site's `token` as
username, and its `secret` as the password. This authentication method
is deprecated and will be removed in future. Use the `ProgramApiKey`
authentication method instead
````