Skip to main content

API keys

All API requests must include your API key in the Authorization header. No Bearer prefix is needed.
API keys grant access to your loyalty program data. Never expose full-access keys in client-side code.

Create an API key

1

Open API key settings

In the Mage Loyalty dashboard, go to Settings > API Keys. API keys are available on the Growth plan and above.
2

Generate a key

Give the key a name so you can recognize where it is used, choose Full access or Read-only (see Scopes), and generate it.
3

Copy it once

The key is shown only once, at creation. Copy it and store it somewhere secure. If you lose it, revoke the key and generate a new one.
You can revoke a key at any time from the same screen, which immediately stops it from authenticating. Revoked keys can then be deleted.

Scopes

Each API key has one of two access levels: Use read-only keys if you do not wish to manipulate any loyalty data via the API. Attempting a write operation with a read-only key returns 403 Forbidden:

Missing or invalid key

Requests without an Authorization header, or with a key that is unknown or has been revoked, return 401 Unauthorized. A request made with an invalid key looks like this: