Authentication

All requests to the Loving Loyalty API must be authenticated using an API key.

API Key

After approval, you will receive one or more API keys associated with your account.

• API keys identify your integration
• API keys grant access to specific resources
• Treat API keys as secrets

Sending the API Key

The API key must be included in every request as an HTTP header, if the request requires an authenticated/authorized user:

Api-Key: YOUR_API_KEY

Example (curl)

curl https://api.lovingloyalty.com/api/v1/places/123/orders \  
-H "Api-Key: YOUR_API_KEY" \  
-H "Accept: application/json"

Authentication Errors

• Missing or invalid API keys will return 401 Unauthorized
• Requests without the Api-Key header will be rejected (if they require authentication/authorization)

Security Notes

• Never expose API keys in client-side code
• Do not commit API keys to version control
• Contact us if your API keys are exposed, so we can expire them