Access Token (API Key)

This article explains how to authenticate API requests with API keys, which the platform calls Access Tokens.

Initial Setup and Admin Authentication

  1. Admin Creation:

    • Navigate to the Admin Panel.

    • Choose the admin you want to generate an Access Token for.

    • Click on Generate new key.

    • Set the key name and optionally set the expiration date.

    • Copy the API key and save it. You will not be able to view the key again after you close the window.

  2. Using the Access Token:

    • After the initial setup, you can authenticate API requests using the Access Token either through headers or a query parameter.

    Authentication Using Headers

    • To authenticate via headers, you can use a curl command like the following:

      curl -L http://your-env-url/api/{storeCode}/member \
          -X "GET" -H "Accept: application/json" \
          -H "X-AUTH-TOKEN: customPermanentToken"

Maintaining Authentication State

The Access Token (API Key) provided during the initial admin setup is designed to never expire unless specified otherwise. This is particularly useful for scenarios that require long-term access without frequent re-authentication.


Best Practices

  • Token Security: Always store the Permanent User Token securely and avoid exposing it in client-side code.

  • Regular Audits: Conduct regular audits of API Key usage to detect any unauthorized access or anomalies in API requests.

  • Secure Storage: Store the API Key in a secure environment, such as an encrypted database or a secure vault solution, to prevent exposure to potential threats.
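
The storage and exposure advice above, as an added Python example (not Open Loyalty's own code): the token is read from an owner-only file or the environment, sent only in the X-AUTH-TOKEN header, and redacted before logging. The variable name OPENLOYALTY_ACCESS_TOKEN, the host loyalty.example.test, the store code DEFAULT and the function names are assumptions; refusing non-HTTPS URLs is an extra check this example adds.

```python
import os
import stat
import urllib.request
from urllib.parse import quote, urlsplit

TOKEN_ENV = "OPENLOYALTY_ACCESS_TOKEN"  # assumed variable name, not from the docs


def load_token(path=None):
    """Read the Access Token from an owner-only file, else from the environment."""
    if path:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:  # any group/other permission bit set
            raise PermissionError(f"{path} has mode {mode:o}; expected 600")
        with open(path, encoding="utf-8") as fh:
            token = fh.read().strip()
    else:
        token = os.environ.get(TOKEN_ENV, "").strip()
    if not token:
        raise ValueError("no Access Token configured")
    return token


def redact(token):
    """Short form of the token that is safe to write to logs."""
    return token[:4] + "..." if len(token) > 8 else "***"


def member_request(base_url, store_code, token):
    """Build GET /api/{storeCode}/member with the token in X-AUTH-TOKEN."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise ValueError("refusing to send the Access Token without TLS")
    if parts.query or parts.fragment:
        raise ValueError("base URL must not carry a query string or fragment")
    if "\r" in token or "\n" in token:
        raise ValueError("token contains a line break")
    url = f"{base_url.rstrip('/')}/api/{quote(store_code, safe='')}/member"
    headers = {"Accept": "application/json", "X-AUTH-TOKEN": token}
    return urllib.request.Request(url, method="GET", headers=headers)


if __name__ == "__main__":
    # Constructed values: the host, store code and token are placeholders.
    os.environ.setdefault(TOKEN_ENV, "constructed-token-1234")
    req = member_request("https://loyalty.example.test", "DEFAULT", load_token())
    print(req.get_method(), req.full_url, "token:", redact(load_token()))
    # urllib.request.urlopen(req) would send it; omitted so this runs offline.
```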


Last updated 2 months ago


For additional details and best practices, consult the official OpenLoyalty API documentation (https://apidocs.openloyalty.io/), which provides the most accurate and up-to-date information, including recent changes to the API, security advisories, and detailed endpoint descriptions.