Authentication
Understand how authentication and authorization work across the WLL API, including access levels, token handling, and how to request credentials.
All requests to the White Label Loyalty (WLL) API require an API key. Depending on the type of request, you may also need to authenticate as a user or administrator using an access token.
This section explains the different authorization levels, how to generate and use access tokens, and how to request the credentials needed for secure integration.
Authentication vs authorization
Authentication is about proving who you are. In WLL, this means supplying a valid API key and, where needed, a token (user or admin).
Authorization is about what you’re allowed to do. Once authenticated, your token defines which operations you can perform based on your access level.
Access levels & methods
There are three levels of authorization in the WLL platform:
Requires only the API key.
X-Api-Key only
Used for public data access (e.g. browsing rewards or venues).
Requires the API key and a user access token.
X-Api-Key + Authorization: Bearer <user token>
Used to interact on behalf of a specific end-user (e.g. report events, view points balance, see user-specific rewards).
Requires the API key and an admin access token.
X-Api-Key + Authorization: Bearer <admin token>
Used for privileged operations (e.g. reporting back-office events, managing rewards).
Each access level is explained in its own article with example requests and configuration notes.
Getting your API key
You can find your API key in the Loyalty Console under Settings > Tenant.
Getting your admin auth credentials
To access admin-level endpoints, you’ll need to request your client credentials (client ID and secret), which are used to generate admin access tokens. See Request API credentials.
Last updated
Was this helpful?