Access Token (API Key)

This article guides you through the process of authenticating requests with the implementation of API keys known as Access Tokens.

Initial Setup and Admin Authentication

Admin Creation:
- Navigate to the Admin Panel.
- Choose the admin you want to generate an Access Token for.
- Click on Generate new key.
- Set the key name and optionally set the expiration date.
- Copy the API key and save it. You will not be able to access the key upon closing the window.
Using the Access Token:
- After the initial setup, you can authenticate API requests using the Access Token either through headers or a query parameter.
Authentication Using Headers
- To authenticate via headers, you can use a curl command like the following:
  curl -L http://your-env-url/api/{storeCode}/member \ -X "GET" -H "Accept: application/json" \ -H "X-AUTH-TOKEN: customPermanentToken"

Maintaining Authentication State

Access Token (API Key) provided during the initial admin setup is designed to never expire unless specified otherwise. This feature is particularly beneficial for scenarios that require long-term access without the need for frequent re-authentication.

Best Practices

Token Security: Always store the Permanent User Token securely and avoid exposing it in client-side code.
Regular Audits: Conduct regular audits of API Key usage to detect any unauthorized access or anomalies in API requests.
Secure Storage: Store the API Key in a secure environment, such as an encrypted database or a secure vault solution, to prevent exposure to potential threats.

Last updated 2 months ago

Was this helpful?

Access Token (API Key)

This article guides you through the process of authenticating requests with the implementation of API keys known as Access Tokens.

Initial Setup and Admin Authentication

Admin Creation:
- Navigate to the Admin Panel.
- Choose the admin you want to generate an Access Token for.
- Click on Generate new key.
- Set the key name and optionally set the expiration date.
- Copy the API key and save it. You will not be able to access the key upon closing the window.
Using the Access Token:
- After the initial setup, you can authenticate API requests using the Access Token either through headers or a query parameter.
Authentication Using Headers
- To authenticate via headers, you can use a curl command like the following:
  curl -L http://your-env-url/api/{storeCode}/member \ -X "GET" -H "Accept: application/json" \ -H "X-AUTH-TOKEN: customPermanentToken"

Maintaining Authentication State

Best Practices

Token Security: Always store the Permanent User Token securely and avoid exposing it in client-side code.
Regular Audits: Conduct regular audits of API Key usage to detect any unauthorized access or anomalies in API requests.
Secure Storage: Store the API Key in a secure environment, such as an encrypted database or a secure vault solution, to prevent exposure to potential threats.

For additional details and best practices, you should consult the official OpenLoyalty API documentation (), as it will provide the most accurate and up-to-date information, including any recent changes to the API, security advisories, and detailed endpoint descriptions.

Last updated 2 months ago

Was this helpful?