
Authentication

The first step to configure is the authentication flow. The example below shows how it can be set up. Links to more detailed instructions can be found at the end of the article.

Last updated 10 months ago


How this example works

OpenLoyalty uses JWT tokens to authenticate all API calls.

Properly setting up authentication is crucial for maintaining application security and ensuring uninterrupted service. This helps avoid issues such as excessive request rates or the use of invalid or expired tokens.


Try it yourself

  • Log in with the admin username and password. Endpoint: POST /api/admin/login_check

  • Save the token and refresh_token from the response.

  • Refresh your previously saved token. Endpoint: POST /api/token/refresh

  • Send the token in the header of all subsequent requests.
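
The four steps above as one small client, added here as an illustration (not OpenLoyalty's own code). The names `TokenSession`, `jwt_exp`, `http_post` and `skew` are hypothetical; the `Authorization: Bearer` header and the presence of an `exp` claim in the token are assumptions, since this page does not state them.

```python
import base64, json, time, urllib.request

def jwt_exp(token):
    """Return the JWT's exp claim (or None). No signature check: scheduling only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")

def http_post(url, body):
    """Default transport: JSON POST, parsed JSON reply; HTTP 401 raises HTTPError."""
    req = urllib.request.Request(url, json.dumps(body).encode(),
                                 {"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenSession:
    """Logs in once, reuses the token, refreshes only when it is about to expire."""
    def __init__(self, base_url, post=http_post, skew=30, now=time.time):
        self.base_url = base_url.rstrip("/")
        self.post, self.skew, self.now = post, skew, now
        self.token = self.refresh_token = None

    def _store(self, data):
        # Both values are replaced: the refresh response carries a refresh_token too.
        self.token, self.refresh_token = data["token"], data["refresh_token"]

    def login(self, username, password):
        self._store(self.post(self.base_url + "/api/admin/login_check",
                              {"username": username, "password": password}))

    def refresh(self):
        self._store(self.post(self.base_url + "/api/token/refresh",
                              {"refresh_token": self.refresh_token}))

    def auth_headers(self):
        if self.token is None:
            raise RuntimeError("call login() first")
        exp = jwt_exp(self.token)
        if exp is not None and exp - self.skew <= self.now():
            self.refresh()  # one refresh call instead of a failed request + re-login
        # Assumption: the token is sent as a Bearer token in the Authorization header.
        return {"Authorization": "Bearer " + self.token}
```

Call `login()` once with credentials read from a secret store or the environment, then pass `auth_headers()` to every request; keep the base URL on HTTPS so the password and tokens are not sent in clear text.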


Endpoints used


More resources

For a detailed overview and description of the authentication flow, please refer to these articles:

Admins: In this section, you will learn how to manage the admins of your loyalty program.

This method allows an admin to log in.

POST /api/admin/login_check

This method allows the admin to log in and get a JWT token.

Body

  • username (string, optional). Example: admin
  • password (string, optional). Example: password

Responses

  • 200: Success (application/json)
  • 401: Bad credentials. (application/json)

Request:

POST /api/admin/login_check HTTP/1.1
Host: openloyalty.localhost
Content-Type: application/json
Accept: */*
Content-Length: 42

{
  "username": "admin",
  "password": "password"
}

Response:

{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6...",
  "refresh_token": "0558f8bb29948c4e54c443f..."
}

This method refreshes the JWT.

POST /api/token/refresh

Body

  • refresh_token (string, optional). Example: 0558f8bb29948c4e54c443f...

Responses

  • 200: Success (application/json)
  • 401: Bad credentials. (application/json)

Request:

POST /api/token/refresh HTTP/1.1
Host: openloyalty.localhost
Content-Type: application/json
Accept: */*
Content-Length: 46

{
  "refresh_token": "0558f8bb29948c4e54c443f..."
}

Response:

{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6...",
  "refresh_token": "0558f8bb29948c4e54c443f..."
}