# Member Token

{% hint style="warning" %}
Please note that the authentication method using the member token is no longer supported and will be discontinued soon.
{% endhint %}

### Initial Member Login

When a member attempts to log in for the first time:

1. Send a `POST` request to the `/api/{storeCode}/member/login_check` endpoint with the member's credentials as a JSON payload.

```json
{
  "username": "member@example.com",
  "password": "password123"
}
```

2. Upon successful authentication, OpenLoyalty will return a response containing a JWT token and a refresh token:

```json
{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI...",
  "refresh_token": "def50200a2e8c9a2..."
}
```

Keep this JWT: every subsequent request to a member endpoint must carry it in the `Authorization` header as a Bearer token (`Authorization: Bearer <token>`).

{% hint style="info" %}
Only a limited set of endpoints accepts a member's token. The complete list can be found below this hint.

All remaining endpoints still require the admin token.
{% endhint %}

<details>

<summary>List of endpoints utilizing member's token</summary>

1. Authentication\
   <https://apidocs.openloyalty.io/#operation/tokenRefreshMember>\
   <https://apidocs.openloyalty.io/#operation/memberLoginCheck>\
   <https://apidocs.openloyalty.io/#operation/memberPostRegister>\
   <https://apidocs.openloyalty.io/#operation/memberPutPassword>
2. Reset Password\
   <https://apidocs.openloyalty.io/#operation/memberPostPasswordReset>\
   <https://apidocs.openloyalty.io/#operation/memberPostPasswordResetRequest>
3. Campaigns\
   <https://apidocs.openloyalty.io/#operation/campaignAvailableMember>
4. History\
   <https://apidocs.openloyalty.io/#operation/transactionGetList>\
   <https://apidocs.openloyalty.io/#operation/memberGetHistory>\
   <https://apidocs.openloyalty.io/#operation/memberGetTransferList>
5. Member\
   <https://apidocs.openloyalty.io/#operation/memberGet>\
   <https://apidocs.openloyalty.io/#operation/memberPut>\
   <https://apidocs.openloyalty.io/#operation/memberGetStatus>
6. Rewards\
   <https://apidocs.openloyalty.io/#operation/memberRewardGetList>\
   <https://apidocs.openloyalty.io/#operation/rewardPostBuy>\
   <https://apidocs.openloyalty.io/#operation/rewardGet>
7. Wallets\
   <https://apidocs.openloyalty.io/#operation/memberWalletGetList>

</details>

***

### Maintaining Authentication State

The JWT token has a validity period of 24 hours. To continue interacting with the API beyond this period without requiring the member to log in again, you will need to refresh the token.

{% hint style="danger" %}
Do not request a new JWT for every API call. Cache the token and reuse it until it is close to expiry; frequent calls to the login and refresh endpoints significantly degrade the performance of your environment.
{% endhint %}

1. Send a `POST` request to the `/api/{storeCode}/token/refresh` endpoint with the refresh token before the JWT token expires:

```json
{
  "refresh_token": "def50200a2e8c9a2..."
}
```

2. If the refresh token is valid, OpenLoyalty will issue a new JWT token along with a new refresh token.

```json
{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI...",
  "refresh_token": "ghi78900b3f1c9d3..."
}
```

Replace the old JWT with the new one in the `Authorization` header, and store the new refresh token in place of the old one, for all future requests that use the member's token.
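The login, proactive refresh, and fall-back-to-login flow described above, as an added example (not OpenLoyalty's own client code). It assumes an injected `http(method, path, json_body)` callable returning `(status, dict)`; the `FakeOpenLoyalty` class is a constructed stand-in for the two token endpoints so the example runs offline, and `now` is a clock callable (pass `time.time` against a real server).

```python
import base64
import json
import time

REFRESH_MARGIN = 300  # refresh this many seconds before the JWT's `exp` claim
def jwt_exp(token):
    # Read `exp` only to schedule the refresh; the client never verifies the signature.
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))["exp"]

class MemberSession:
    """Caches the member JWT and refresh token; calls the token endpoints only when needed."""
    def __init__(self, http, store_code, username, password, now=time.time):
        # `http(method, path, json_body) -> (status, dict)` is injected: a real transport or a fake.
        self.http, self.now, self.prefix = http, now, f"/api/{store_code}"
        self.creds = {"username": username, "password": password}
        self.token = self.refresh_token = None

    def _obtain(self, path, body):
        status, resp = self.http("POST", self.prefix + path, body)
        if status == 200:
            self.token, self.refresh_token = resp["token"], resp["refresh_token"]
        return status == 200

    def auth_headers(self):
        if self.token is None:
            if not self._obtain("/member/login_check", self.creds):
                raise PermissionError("login_check rejected the member credentials")
        elif jwt_exp(self.token) - self.now() < REFRESH_MARGIN:
            # Refresh before expiry; an expired or revoked refresh token forces a full re-login.
            if not self._obtain("/token/refresh", {"refresh_token": self.refresh_token}):
                self.token = None
                return self.auth_headers()
        return {"Authorization": f"Bearer {self.token}"}

class FakeOpenLoyalty:
    """Constructed stand-in for the two token endpoints: 24 h JWTs, single-use refresh tokens."""
    def __init__(self, now):
        self.now, self.valid_refresh, self.calls = now, None, []

    def __call__(self, method, path, body):
        self.calls.append(path)
        ok = (path.endswith("/member/login_check") and body.get("password") == "password123") or (
            path.endswith("/token/refresh") and body.get("refresh_token") == self.valid_refresh)
        if not ok:
            return 401, {}
        self.valid_refresh = f"rt-{len(self.calls)}"  # the previous refresh token is now invalid
        enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
        jwt = f"{enc({'alg': 'none'})}.{enc({'exp': int(self.now()) + 86400})}.unsigned"
        return 200, {"token": jwt, "refresh_token": self.valid_refresh}
```

Call `session.auth_headers()` before each request; it logs in once, serves the cached token until five minutes before expiry, then refreshes, and only repeats `login_check` if the refresh token is rejected.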

<figure><img src="/files/KaO6xsxN0VKxjr3LfODV" alt=""><figcaption><p>Sequence diagram for the authentication flow</p></figcaption></figure>

***

### Best Practices

* **Token Security**: Treat both the JWT and the refresh token as secrets; handle and store them securely so they cannot be intercepted or accessed without authorization.
* **Token Refresh Strategy**: Refresh the token automatically before it expires, so members do not experience session disruptions.
* **Error Handling**: Your client application must handle errors during the authentication process, including the case where the refresh token itself has expired, which requires a full re-authentication with the member's credentials.

By following these steps and best practices, you can integrate OpenLoyalty's authentication flow into your application, ensuring secure and seamless access to its API.

***

{% hint style="success" %}
For additional details and best practices, you should consult the official OpenLoyalty API documentation (<https://apidocs.openloyalty.io/>), as it will provide the most accurate and up-to-date information, including any recent changes to the API, security advisories, and detailed endpoint descriptions.
{% endhint %}
