API Key

This article guides you through the process of authenticating requests with the implementation of API keys known as Permanent User Tokens.

Initial Setup and Admin Authentication

  1. Admin Creation:

    • Navigate to the Admin Panel.

    • Choose "Add Admin" and fill in all required fields.

    • Set the role to "External" and provide the API Key in the designated section.

API Key field is limited to 255 characters.

  1. Using a Permanent User Token:

    • After the initial setup, you can authenticate API requests using the Permanent User Token either through headers or a query parameter.

    Authentication Using Headers

    • To authenticate via headers, you can use a curl command like the following:

      curl http://localhost:8181/api/admin \
          -X "GET" -H "Accept: application/json" \
          -H "Content-type: application/x-www-form-urlencoded" \
          -H "X-AUTH-TOKEN: customPermanentToken"

    Authentication Using Query Parameters

    • Alternatively, you can pass the token as a query parameter:

      curl http://localhost:8181/api/admin?auth_token=customPermanentToken \
          -X "GET" -H "Accept: application/json" \
          -H "Content-type: application/x-www-form-urlencoded" \

Maintaining Authentication State

Permanent User Token (API Key) provided during the initial admin setup is designed to never expire. This feature is particularly beneficial for scenarios that require long-term access without the need for frequent re-authentication.


Best Practices

  • Token Security: Always store the Permanent User Token securely and avoid exposing it in client-side code.

  • Regular Audits: Conduct regular audits of API Key usage to detect any unauthorized access or anomalies in API requests.

  • Secure Storage: Store the API Key in a secure environment, such as an encrypted database or a secure vault solution, to prevent exposure to potential threats.


For additional details and best practices, you should consult the official OpenLoyalty API documentation (https://apidocs.openloyalty.io/), as it will provide the most accurate and up-to-date information, including any recent changes to the API, security advisories, and detailed endpoint descriptions.

Last updated