Authentication API

Cardlytics provides an API endpoint to generate a security token that is suitable for use in the SDK. Tokens are always scoped to a user, and automatically expire after 24 hours.

Security

The authentication API is secured using a strong two-way authentication method called Mutual TLS (mTLS). This allows the financial institution (you) and Cardlytics to authenticate each other using SSL certificates. Additional details on mTLS setup are below.

IP filtering can also be configured for additional security.

Endpoint

  • Base URL: https://[PRIVATE-API-PLACEHOLDER]
  • Path: /api/token
  • Query parameters:
    • sourceCustomerId (required): This is the obfuscated unique customer id assigned by you, the financial institution. To ensure proper rewarding, it is very important that each customer has a consistent customer id that is used across your Cardlytics integration.
  • Method: GET
  • Content-Type: application/json

Success Example

Request

GET /api/token?sourceCustomerId=cc8bc686-72a8-4b28-bffe-3a3cd3c79736

Response

{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0OmFjODc0OGUxLWUwMjgtNDg1ZC04YjAwLTQxMmYxYjQ5Y2JiYSIsInN1YiI6InRlc3Q6NDk0MjYwZGQtMjA3MS00Y2UwLWJiMGMtZTBmNzk0Y2ZkNTYxIiwiZXhwIjoxNjMyODQ4NjQ5LCJqdGkiOiIzZWQxMTQ3NS03MWVhLTQ4ZjItYjEzZC03NmY2ZmQ2MjBjNTkiLCJhc3QiOiI3OHd3RlRnZ05GZHhlcVFFRm5MLThNaGV4IiwiaWF0IjoxNjMyODQ2ODUxfQ.f83143RrjFXDvt4MjwK0XMGlOYowB628inXZFl_dejU"
}
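
The request above, issued over mTLS from a backend service, with a refresh check that reads the token's expiry instead of assuming a fixed lifetime. This is an added example, not Cardlytics code. The host name and certificate paths are placeholders, and treating the token as a JWT with an `exp` claim is an assumption based on the shape of the sample response, not a documented contract.

```python
import base64, json, ssl, time
import urllib.parse, urllib.request

BASE_URL = "https://token-api.example.invalid"  # placeholder: the page elides the real host

def build_token_url(base_url, source_customer_id):
    # urlencode so an id containing '&', '#' or spaces cannot alter the query string
    query = urllib.parse.urlencode({"sourceCustomerId": source_customer_id})
    return f"{base_url.rstrip('/')}/api/token?{query}"

def mtls_context(client_cert, client_key):
    # The default context verifies the server chain and hostname (server side of mTLS);
    # load_cert_chain presents our own certificate (client side of mTLS).
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

def fetch_token(source_customer_id, ctx, base_url=BASE_URL):
    req = urllib.request.Request(build_token_url(base_url, source_customer_id),
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)["token"]

def token_lifetime(token, now=None):
    # Reads the unverified "exp" claim only to schedule a refresh, never for an auth decision.
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    exp = json.loads(base64.urlsafe_b64decode(payload))["exp"]
    return int(exp - (time.time() if now is None else now))

def needs_refresh(token, now=None, margin=120):
    try:
        return token_lifetime(token, now) <= margin
    except (IndexError, KeyError, TypeError, ValueError):
        return True  # unparseable token: fetch a fresh one rather than reuse it

def _constructed_token(exp):
    # Constructed sample with a dummy signature, shaped like the response above.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc({'sub': 'test:demo', 'exp': exp})}.sig"

if __name__ == "__main__":
    print(build_token_url(BASE_URL, "cc8bc686-72a8-4b28-bffe-3a3cd3c79736"))
    print(needs_refresh(_constructed_token(1_700_000_000), now=1_700_000_000 - 1800))
    # Live call (hypothetical file names): fetch_token(cid, mtls_context("client.pem", "client.key"))
```

Keep the client private key on the backend only; the SDK should receive just the token returned by `fetch_token`.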

mTLS configuration

TODO