Authentication - Reward APIs & Reward Links APIs
Everything you need to know to securely connect with Reward APIs and Reward Links APIs.
All requests to the Reward API and Reward Links APIs must be authenticated. This section explains how to create and manage tokens to ensure secure communication.
Note: Xoxoday uses the standard OAuth 2.0 protocol and a RESTful Rewards API to let you integrate vouchers seamlessly into your environment.
Authentication URLs
When you’re starting out, you can use a Sandbox account in our staging environment. Once you’re ready to go live, simply switch to the Production environment.
- Sandbox Auth URL
https://canvas.xoxoday.com/chef - Production Auth URL
https://accounts.xoxoday.com/chef
Client ID, Secret ID, and Token Creation
Xoxoday uses Bearer Authentication. Every API request must include your Access Token in the HTTP header.
You’ll first need to generate your Client ID and Secret ID from the admin portal. Once you have these, you can use them to create an Access Token.
Quick Steps:
- Log in to your Admin Portal.
- Navigate to API Credentials.
- Copy your Client ID and Secret ID.
- Generate your Access Token.
Copy your token immediately — it will not be shown again.
Generating Tokens
For detailed, step-by-step instructions on generating your Client ID, Secret ID, and Access Token, visit Create your API Key.
IP Whitelisting
For security, only whitelisted IPs can access the APIs.
Please share your staging and production IP addresses with your Implementation Manager to get them whitelisted.
Updated 9 days ago