Why does LoyaltyLion need access to my Magento store's REST API?

LoyaltyLion uses your REST API to provide core program functionality, including:

  • Configuring price rules within your store
  • Retrieving order and customer data
  • Syncing store configuration

Can LoyaltyLion provide a static IP address that I can whitelist?

LoyaltyLion is a dynamically scaled cloud application, so there isn't a single fixed IP or IP range that we make API requests from.

Magento's REST API comes with its own built-in authentication scheme, so it's always safe to remove extra authentication layers entirely on API routes (those beginning with /api/rest in Magento 1, or /rest in Magento 2).

How to disable basic auth for API routes

It's quite common to control access to your store with HTTP Basic Auth during development. If you have done this, you'll need to remove this extra authentication on your API routes.

Example .htaccess configuration:

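# set an environment variable "noauth" if the request path is "/api/rest" or "/rest", or sits below one of them
# the trailing (/|$) stops look-alike paths such as /restricted from skipping Basic Auth

# Magento 1.x
SetEnvIf Request_URI "^/api/rest(/|$)" noauth=1
# Magento 2
SetEnvIf Request_URI "^/rest(/|$)" noauth=1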

# the auth block
AuthName "Please login."
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /xxx/.htpasswd

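# Here is where we allow/deny: "Satisfy any" lets a request through if it has noauth set OR presents a valid login
# (Order/Deny/Allow/Satisfy are Apache 2.2 directives; Apache 2.4 needs mod_access_compat for them)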
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth
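
The same rules in Apache 2.4's native authorization syntax, as an added example that is not part of LoyaltyLion's own configuration. It assumes Apache 2.4 with mod_setenvif, mod_auth_basic and mod_authz_core loaded, keeps the /xxx/.htpasswd placeholder path from the example above, and anchors the URI patterns on a path boundary.

```apache
# Mark API requests so they can skip HTTP Basic Auth.
# (/|$) limits the match to the API prefix itself and paths below it,
# so a page such as /restricted is still protected.

# Magento 1.x
SetEnvIf Request_URI "^/api/rest(/|$)" noauth=1
# Magento 2
SetEnvIf Request_URI "^/rest(/|$)" noauth=1

# Basic Auth for everything else on the store
AuthType Basic
AuthName "Please login."
AuthUserFile /xxx/.htpasswd

# Apache 2.4 replacement for Order/Deny/Allow plus "Satisfy any":
# access is granted when at least one of the Require lines matches.
<RequireAny>
    # API routes: no Basic Auth, Magento's own API authentication applies
    Require env noauth
    # Everything else: a valid user from the .htpasswd file
    Require valid-user
</RequireAny>
```

After deploying either version, a request to a storefront page without credentials should still return 401, while a request to the API route should reach Magento and be handled by its own API authentication.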