> For the complete documentation index, see [llms.txt](https://help.openloyalty.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.openloyalty.io/api-reference/authorization.md).

# Authorization

These endpoints will allow you to authorize the user.

## Log user out

> \<label style="background-color: #BFE1F6;padding:5px;">Integration\</label>\<br>\<br>\
> This method can be used to log out current user.\<br>\
> It will revoke all refresh tokens assigned to current user so it will not be possible\
> to obtain new token based on stored refresh token.<br>

````json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"Authorization","description":"These endpoints will allow you to authorize the user."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[{"Bearer":[]},{"token":[]}],"components":{"securitySchemes":{"Bearer":{"type":"apiKey","description":"Open Loyalty has the JWT authorization.\nTo learn what a JSON Web Token is and how it works, check out Introduction to JSON Web Tokens <https://jwt.io/introduction/>\n\n### Obtain an access token\n\nSend a request with the parameters username and password\n\n#### Definition\n\n`POST /api/admin/login_check` [Go to definition](#operation/adminLoginCheck)\\\n`POST /api/{storeCode}/member/login_check` [Go to definition](#operation/memberLoginCheck)\n\n#### Example\n\n```bash\ncurl {HOST}/api/admin/login_check\n    -H 'Content-Type: application/json;charset=UTF-8'\n    -H 'Accept: application/json, text/plain, */*'\n    --data-binary '{\"username\":\"admin\",\"password\":\"password\"}'\n```\n\n#### Example Response\n\n```json\n{\n    \"token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6...\",\n    \"refresh_token\":\"0558f8bb29948c4e54c443f...\"\n}\n```\n\n### Using JSON Web Token\n\nAdd authorization header to each request\\\n`Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...`\\\nYou can now access any API method you want under the /api prefix.\n\n#### Example\n```bash\ncurl {HOST}/api/{storeCode}/analytics/members\n    -H 'Accept: application/json'\n    -H 'Content-type: application/x-www-form-urlencoded'\n    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...'\n```\n\n### Refresh JSON Web Token\nYou can refresh token using refresh_token that was given during login.\\\nThere are two endpoints\\\nTo refresh admin token `POST /api/token/refresh` [Go to definition](#operation/tokenRefresh)\\\nTo refresh member token `POST /api/{storeCode}/token/refresh` [Go to definition](#operation/tokenRefreshMember)\n","name":"Authorization","in":"header","bearerFormat":"JWT","scheme":"bearer"},"token":{"type":"apiKey","name":"X-AUTH-TOKEN","in":"header"}},"responses":{"NoContent":{"description":"Success. No content."},"AccessDenied":{"description":"Forbidden.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}}}},"paths":{"/api/token/revoke":{"get":{"tags":["Authorization"],"summary":"Log user out","description":"<label style=\"background-color: #BFE1F6;padding:5px;\">Integration</label><br><br>\nThis method can be used to log out current user.<br>\nIt will revoke all refresh tokens assigned to current user so it will not be possible\nto obtain new token based on stored refresh token.\n","operationId":"userGetTokenRevoke","responses":{"204":{"$ref":"#/components/responses/NoContent"},"403":{"$ref":"#/components/responses/AccessDenied"}}}}}}
````

## Get admin token

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method allows to login and get a JWT token for the admin<br>

```json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"Authorization","description":"These endpoints will allow you to authorize the user."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[],"paths":{"/api/admin/login_check":{"post":{"tags":["Authorization"],"summary":"Get admin token","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method allows to login and get a JWT token for the admin\n","operationId":"adminLoginCheck","requestBody":{"description":"","content":{"application/json":{"schema":{"properties":{"username":{"type":"string"},"password":{"type":"string"}},"type":"object"}}}},"responses":{"200":{"$ref":"#/components/responses/TokenAndRefreshToken"},"401":{"$ref":"#/components/responses/BadCredentials"}}}}},"components":{"responses":{"TokenAndRefreshToken":{"description":"","content":{"application/json":{"schema":{"properties":{"token":{"type":"string"},"refresh_token":{"type":"string"}},"type":"object"}}}},"BadCredentials":{"description":"Bad credentials.","content":{"application/json":{"schema":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}}}}}}}
```

## Get member token

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method allows to login and get a JWT token for the member<br>

```json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"Authorization","description":"These endpoints will allow you to authorize the user."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[],"paths":{"/api/{storeCode}/member/login_check":{"post":{"tags":["Authorization"],"summary":"Get member token","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method allows to login and get a JWT token for the member\n","operationId":"memberLoginCheck","requestBody":{"description":"","content":{"application/json":{"schema":{"properties":{"username":{"type":"string"},"password":{"type":"string"}},"type":"object"}}}},"responses":{"200":{"$ref":"#/components/responses/TokenAndRefreshToken"},"401":{"$ref":"#/components/responses/BadCredentials"}},"deprecated":true}}},"components":{"responses":{"TokenAndRefreshToken":{"description":"","content":{"application/json":{"schema":{"properties":{"token":{"type":"string"},"refresh_token":{"type":"string"}},"type":"object"}}}},"BadCredentials":{"description":"Bad credentials.","content":{"application/json":{"schema":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}}}}}}}
```

## Refresh admin token

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br><br>

```json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"Authorization","description":"These endpoints will allow you to authorize the user."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[],"paths":{"/api/token/refresh":{"post":{"tags":["Authorization"],"summary":"Refresh admin token","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\n","operationId":"tokenRefresh","requestBody":{"description":"","content":{"application/json":{"schema":{"properties":{"refresh_token":{"type":"string"}},"type":"object"}}}},"responses":{"200":{"$ref":"#/components/responses/TokenAndRefreshToken"},"401":{"$ref":"#/components/responses/BadCredentials"}}}}},"components":{"responses":{"TokenAndRefreshToken":{"description":"","content":{"application/json":{"schema":{"properties":{"token":{"type":"string"},"refresh_token":{"type":"string"}},"type":"object"}}}},"BadCredentials":{"description":"Bad credentials.","content":{"application/json":{"schema":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}}}}}}}
```

## Refresh member token

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br><br>

```json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"Authorization","description":"These endpoints will allow you to authorize the user."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[],"paths":{"/api/{storeCode}/token/refresh":{"post":{"tags":["Authorization"],"summary":"Refresh member token","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\n","operationId":"tokenRefreshMember","requestBody":{"description":"","content":{"application/json":{"schema":{"properties":{"refresh_token":{"type":"string"}},"type":"object"}}}},"responses":{"200":{"$ref":"#/components/responses/TokenAndRefreshToken"},"401":{"$ref":"#/components/responses/BadCredentials"}},"deprecated":true}}},"components":{"responses":{"TokenAndRefreshToken":{"description":"","content":{"application/json":{"schema":{"properties":{"token":{"type":"string"},"refresh_token":{"type":"string"}},"type":"object"}}}},"BadCredentials":{"description":"Bad credentials.","content":{"application/json":{"schema":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}}}}}}}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.openloyalty.io/api-reference/authorization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.