This article explains how to authenticate API requests using API keys, known as Permanent User Tokens.

Initial Setup and Admin Authentication

  1. Admin Creation:

    • Navigate to the Admin Panel.

    • Choose "Add Admin" and fill in all required fields.

    • Set the role to "External" and provide the API Key in the designated section.

The API Key field is limited to 255 characters.

  2. Using a Permanent User Token:

    • After the initial setup, you can authenticate API requests using the Permanent User Token either through headers or a query parameter.

    Authentication Using Headers

    • To authenticate via headers, you can use a curl command like the following:

      curl http://localhost:8181/api/admin \
          -X "GET" -H "Accept: application/json" \
          -H "Content-type: application/x-www-form-urlencoded" \
          -H "X-AUTH-TOKEN: customPermanentToken"

    Authentication Using Query Parameters

    • Alternatively, you can pass the token as a query parameter:

      curl "http://localhost:8181/api/admin?auth_token=customPermanentToken" \
          -X "GET" -H "Accept: application/json" \
          -H "Content-type: application/x-www-form-urlencoded"

Maintaining Authentication State

The Permanent User Token (API Key) provided during the initial admin setup is designed to never expire. This is particularly useful for scenarios that require long-term access without frequent re-authentication.

Best Practices

  • Token Security: Always store the Permanent User Token securely and avoid exposing it in client-side code.

  • Regular Audits: Conduct regular audits of API Key usage to detect any unauthorized access or anomalies in API requests.

  • Secure Storage: Store the API Key in a secure environment, such as an encrypted database or a secure vault solution, to prevent exposure to potential threats.
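
As an added illustration of the audit practice above (not part of the Open Loyalty documentation or code base), the following Python script scans web-server access logs for requests that carry the token in the `auth_token` query parameter, since request URLs, unlike the `X-AUTH-TOKEN` header, are normally written to access logs. The Common Log Format, the sample lines and all function names are assumptions constructed for this example.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample lines in Common Log Format (assumed; adapt LOG_RE to your server).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:22 +0000] "GET /api/admin?auth_token=customPermanentToken HTTP/1.1" 200 512
10.0.0.5 - - [12/Mar/2024:10:02:10 +0000] "GET /api/admin HTTP/1.1" 200 512
203.0.113.9 - - [12/Mar/2024:10:05:41 +0000] "GET /api/admin?page=2&auth_token=customPermanentToken HTTP/1.1" 200 498
10.0.0.7 - - [12/Mar/2024:10:06:03 +0000] "GET /api/admin?auth_token=anotherToken HTTP/1.1" 401 87
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3} ')


def fingerprint(token):
    """Short SHA-256 prefix so a report can correlate a token without repeating it."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def audit(log_text):
    """Return (usage, redacted_lines) for an access log.

    usage maps token fingerprint -> set of client IPs that sent it in the URL;
    redacted_lines is the same log with every auth_token value replaced.
    """
    usage = defaultdict(set)
    redacted = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            parts = urlsplit(m["target"])
            params = parse_qsl(parts.query, keep_blank_values=True)
            tokens = [v for k, v in params if k == "auth_token"]
            if tokens:
                for tok in tokens:
                    usage[fingerprint(tok)].add(m["ip"])
                clean = urlencode([(k, "REDACTED" if k == "auth_token" else v) for k, v in params])
                line = line.replace(m["target"], parts._replace(query=clean).geturl(), 1)
        redacted.append(line)
    return dict(usage), redacted


def shared_tokens(usage):
    """Fingerprints seen from more than one client IP, a cue for manual review."""
    return sorted(fp for fp, ips in usage.items() if len(ips) > 1)
```

Any fingerprint returned by `audit` marks a token that has been written to the log in clear text; the redacted lines are what should be kept or forwarded instead of the originals.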

For additional details and best practices, you should consult the official OpenLoyalty API documentation (https://apidocs.openloyalty.io/), as it will provide the most accurate and up-to-date information, including any recent changes to the API, security advisories, and detailed endpoint descriptions.
