In this article:
- Why does LoyaltyLion need access to my Magento store's REST API?
- Can LoyaltyLion provide a static IP address that I can whitelist?
- How to disable basic auth for API routes
Why does LoyaltyLion need access to my Magento store's REST API?
LoyaltyLion uses your REST API to provide core program functionality, including:
- Configuring price rules within your store
- Retrieving order and customer data
- Syncing store configuration
Can LoyaltyLion provide a static IP address that I can whitelist?
LoyaltyLion is a dynamically scaled cloud application, so there isn't a single fixed IP or IP range that we make API requests from.
Magento's REST API comes with its own built-in authentication scheme, so it's always safe to remove extra authentication layers entirely on API routes (beginning with /api/rest in Magento 1, or /rest in Magento 2).
How to disable basic auth for API routes
It's quite common to control access to your store with HTTP Basic Auth during development. If you have done this, you'll need to remove this extra authentication on your API routes.
Example .htaccess configuration:
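# Set an environment variable "noauth" if the request path starts with "/api/rest"
# Magento 1.x
SetEnvIf Request_URI ^/api/rest noauth=1
# Magento 2
SetEnvIf Request_URI ^/rest noauth=1
SetEnvIf Request_URI ^/oauth noauth=1
# The auth block (Apache 2.2-style access directives; Apache 2.4 needs mod_access_compat)
AuthType Basic
AuthName "Please login."
# Placeholder path: point this at your own password file
AuthUserFile /path/to/.htpasswd
Require valid-user
# Here is where we allow/deny
Order Deny,Allow
Deny from all
Allow from env=noauth
# Let a request through if it passes either the noauth check or Basic Auth
Satisfy any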
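
An added check, not part of the original article or LoyaltyLion's own code: the script below reads SetEnvIf Request_URI rules like the ones above and reports which request paths would skip Basic Auth. The sample paths and the tightened `(/|$)` patterns are assumptions constructed for illustration; they show that a bare prefix such as ^/rest also exempts any page whose path merely starts with those letters.

```python
import re

# Rules as they appear in the article's .htaccess example.
ARTICLE_RULES = """\
SetEnvIf Request_URI ^/api/rest noauth=1
SetEnvIf Request_URI ^/rest noauth=1
SetEnvIf Request_URI ^/oauth noauth=1
"""

# Assumption (not from the article): the same rules, but the prefix must end
# at a path-segment boundary so only the API routes themselves are exempted.
TIGHTENED_RULES = """\
SetEnvIf Request_URI ^/api/rest(/|$) noauth=1
SetEnvIf Request_URI ^/rest(/|$) noauth=1
SetEnvIf Request_URI ^/oauth(/|$) noauth=1
"""

# Constructed sample request paths: (path, is it a Magento API/OAuth route?)
SAMPLE_PATHS = [
    ("/rest/V1/orders", True),
    ("/api/rest/customers", True),
    ("/oauth/token/request", True),
    ("/restaurant-supplies.html", False),
    ("/checkout/cart", False),
]

def parse_noauth_patterns(htaccess_text):
    """Compile the regex of every 'SetEnvIf Request_URI <regex> noauth=1' line."""
    patterns = []
    for line in htaccess_text.splitlines():
        parts = line.split()
        if parts[:2] == ["SetEnvIf", "Request_URI"] and parts[3:] == ["noauth=1"]:
            patterns.append(re.compile(parts[2]))
    return patterns

def skips_basic_auth(path, patterns):
    # SetEnvIf matches its regex anywhere in the value, hence search().
    return any(p.search(path) for p in patterns)

def unintended_exemptions(htaccess_text):
    """Non-API sample paths that the rules would let through without a password."""
    patterns = parse_noauth_patterns(htaccess_text)
    return [path for path, is_api in SAMPLE_PATHS
            if not is_api and skips_basic_auth(path, patterns)]

if __name__ == "__main__":
    print("article rules:  ", unintended_exemptions(ARTICLE_RULES))
    print("tightened rules:", unintended_exemptions(TIGHTENED_RULES))
```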