Generate Auth Token
Authentication
Generate Auth Token
Exchange your client credentials for a JWT bearer token.
POST
Generate Auth Token
Loyalife uses OAuth 2.0 client credentials flow for API authentication. This endpoint exchanges yourDocumentation Index
Fetch the complete documentation index at: https://help-loyalife.xoxoday.com/llms.txt
Use this file to discover all available pages before exploring further.
client_id and client_secret for a JWT bearer token valid for 30 minutes (configurable). Every subsequent API call must include this token in the Authorization header — there is no session or cookie-based alternative. Cache the token and reuse it; never generate a new token per request.
Credentials are per-program. Find your
client_id and client_secret in Loyalife Admin under Configurations → Program Settings → API. Regenerating credentials immediately invalidates all previously issued tokens.Responses
200 — Success
200 — Success
| Path | Type | Description |
|---|---|---|
results.token | string | JWT bearer token. Use as Authorization: bearer {token} in all subsequent calls. |
results.tokenExpiresOn | string (date-time) | ISO 8601 expiry timestamp. Refresh before this time. |
401 — Invalid Credentials
401 — Invalid Credentials
| Path | Type | Description |
|---|---|---|
results.IsSucessful | boolean | false |
results.ErrorCode | string | Error code from the platform |
results.ExceptionMessage | string | Human-readable reason — check this field for details |
Body
application/json
OAuth 2.0 grant type
Available options:
client_credentials Example:
"client_credentials"
Your OAuth client ID from Loyalife Admin → Program Configuration → API
Example:
"your-client-id"
Your OAuth client secret. Never expose in client-side code.
Example:
"your-client-secret"
Optional. Binds token to a specific member. JSON-encoded array: ["LOGIN","{RelationReference}"]. Omit for a general-purpose program token.
Example:
"[\"LOGIN\",\"jane.doe@example.com\"]"
Response
Token issued