API settings

Owned by Klári Németh
Last updated: Aug 02, 2023 by Klári Németh
3 min read

The API tab is the interface where you can browse API credentials and functionalities, and define access restrictions.

API key and secret

The API tab opens up to the page where you can find the API key and secret to set up connections between your loyalty program and other integrated services (eg. newsletter providers).

The API secret is only accessible upon the generation of API credentials, then it is hidden from the Backoffice for security reasons. Make sure to copy and store it securely in case you may need it later.

Please note, that if you generate new API credentials, all of the existing connections will stop functioning, until the new credentials are entered.

API Browser

You can also find a link to the API browser on this page, where your developer can browse the available API methods.

  • Events - submit API events

  • Customers - access endpoints of the Customer API

  • Errors - browse the entire content of the requests and Antavo’s responses to failed API calls.

As a security measure, customer passwords that may be included in requests are never exposed in the logs.

Read more in the API documentation.

IP Filter

Under the IP filter tab, you can define specific IP addresses that can access each API endpoint.

This tab is only available if the IP filter module has been enabled in the Backoffice. Please contact the Antavo Service Desk to help you activate the module.

  • Select the API endpoint from the dropdown list

  • Click the icon

  • Paste the IP address or IP range (with a CIRD number) that you’d like to authorize
    Click the corresponding to add multiple addresses or ranges.
    eg. if you add 192.168.1.2 and 192.168.0.3/24, only the 192.168.1.2 and range of 192.168.0.[0-255] IP addresses will go through, otherwise the endpoint responds with a forbidden exception

  • Click ‘Update’ to save your settings

You can remove filters using the button anytime.

Signature enforcement

If signature enforcement is enabled for an API endpoint then requests with plain API keys are rejected with an authentication error, only the requests with proper signatures can be recorded.
Learn more on how to add signatures to your API requests here.

Use the checkboxes to enable signature enforcement for any of the available endpoints.

  • Challenges API deprecated soon

  • Coupons API

  • Customer API

  • Display API

  • Entities API

  • Events API

  • FAQ API

  • Leaderboard API

  • Levels API legacy

  • Offers API

  • Rewards API

  • Wallet API deprecated soon

  • Workflow Campaigns API

Don’t forget to click ‘Update’ before leaving the page to make your changes effective.

© Copyright 2022 Antavo Ltd.