Authentication
Authentication Overview
The Cardlytics Web SDK must be able to communicate with Cardlytics services to provide content for your users. To authenticate calls to the Cardlytics platform, you, the financial institution, must generate a user-scoped security token and hand it back to the Web SDK. To generate a security token, the Cardlytics platform exposes a secure API that can be invoked from your backend service. Tokens are scoped to a user and by default expire after 24 hours.
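The backend side of this hand-off can be sketched as a small per-user token broker. This is an added example, not Cardlytics code: `TokenBroker`, `issueToken`, `session.userId` and the five-minute refresh margin are hypothetical, and `issueToken` stands in for your backend's call to the Cardlytics token API, whose request format this page does not show (it is synchronous here only to keep the example short).

```javascript
// Added example. All names are hypothetical; only the 24-hour default comes from the page.
const DEFAULT_TTL_MS = 24 * 60 * 60 * 1000; // tokens expire after 24 hours by default
const REFRESH_MARGIN_MS = 5 * 60 * 1000;    // assumption: renew 5 minutes before expiry

class TokenBroker {
  // issueToken(userId) returns a token string. It is a stand-in for the
  // backend-to-Cardlytics call, so the credentials used there stay server-side.
  constructor(issueToken, now = () => Date.now()) {
    this.issueToken = issueToken;
    this.now = now;
    this.cache = new Map(); // userId -> { token, expiresAt }
  }

  // The user id is read from the server-side session, never from request
  // parameters, so a caller cannot ask for a token scoped to another user.
  tokenForSession(session) {
    if (!session || typeof session.userId !== 'string' || session.userId === '') {
      throw new Error('unauthenticated');
    }
    const hit = this.cache.get(session.userId);
    if (hit && hit.expiresAt - REFRESH_MARGIN_MS > this.now()) {
      return hit.token; // still valid: reuse instead of issuing a new token
    }
    const token = this.issueToken(session.userId);
    this.cache.set(session.userId, {
      token,
      expiresAt: this.now() + DEFAULT_TTL_MS,
    });
    return token;
  }

  // Call on logout so a cached token is not handed to the Web SDK afterwards.
  // Returns true if a token was cached for that user.
  revoke(userId) {
    return this.cache.delete(userId);
  }
}
```

Only the value returned by `tokenForSession` is passed to the Web SDK in the browser.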
Here is an example sequence diagram demonstrating what a user login flow might look like: