Authenticating with token & secret

This type of authentication has complete read-write access to your LoyaltyLion account, and should only be used by your team in a trusted environment.

Third party applications should use our OAuth authentication instead.

The LoyaltyLion API supports Basic Authentication as defined in RFC2617 using your token and secret. These can be found in your LoyaltyLion settings.

Use the token as the username, and the secret as the password. For example, using cURL:

curl \
  --user 'token:secret' \
  --url '' \
  --header 'Content-Type: application/json'
Note: For security reasons, API requests using token & secret authentication must always be made from a secure server environment. Requests from a client-side environment are not allowed as this would pose the risk of publicly exposing your credentials allowing potential attackers full access to your loyalty program.