When a customer is logged in, the LoyaltyLion SDK needs to authenticate them in order to display their information (points, rewards) and allow them to perform actions like earning points and claiming rewards.

Customer authentication is peformed automatically on Shopify, BigCommerce and Magento.

Authentication in LoyaltyLion leverages your existing customer accounts so a customer doesn’t need to sign in twice or have a separate account with LoyaltyLion.

It works by generating a secure server-side auth token (MAC) which is passed through to LoyaltyLion on the next page load. LoyaltyLion verifies the auth token and if it checks out, will consider the customer authenticated.

Creating the auth token

The auth token is a SHA-1 hash of the following concatenated items, in order:

  • the customer’s unique id
  • the current date, as an ISO 8601 timestamp
  • the customer’s email address
  • your LoyaltyLion secret

This auth token must be generated server-side, i.e. in your template. Your LoyaltyLion secret should never be exposed. The generated token can then be sent to the client and used in a call to lion.init or lion.authenticateCustomer to authenticate the customer.

date =
secret = 'YOUR_SECRET'

auth_token = Digest::SHA1.hexdigest( + date + + secret