Authentication

API keys

All API requests must include your API key in the Authorization header. No Bearer prefix is needed.

curl https://api.mageloyalty.com/v1/customers \
  -H "Authorization: your-api-key-here"

API keys are generated in the Mage Loyalty dashboard under Settings > API Keys (Growth plan and above).

API keys grant access to your loyalty program data. Never expose full-access keys in client-side code.

Scopes

Each API key has one of two access levels:

Scope	Description
Full access	Can perform all read and write operations
Read only	Can only perform `GET` requests

Use read-only keys if you do not wish to manipulate any loyalty data via the API. Attempting a write operation with a read-only key returns 403 Forbidden:

{
  "errors": [
    {
      "status": "403",
      "title": "Forbidden",
      "detail": "This API key is read-only and cannot perform write operations"
    }
  ]
}

Missing or invalid key

Requests without a valid API key return 401 Unauthorized:

{
  "errors": [
    {
      "status": "401",
      "title": "Unauthorized",
      "detail": "Missing Authorization header"
    }
  ]
}

REST API

API Resources

Webhook Events

Shopify Metafields

API keys

Scopes

Missing or invalid key

REST API

API Resources

Webhook Events

Shopify Metafields

​API keys

​Scopes

​Missing or invalid key

API keys

Scopes

Missing or invalid key