In this article:
Why does LoyaltyLion need access to my Magento store's REST API?
LoyaltyLion uses your REST API to provide core program functionality, including:
Configuring price rules within your store
Retrieving order and customer data
Syncing store configuration
Can LoyaltyLion provide a static IP address that I can whitelist?
To find more information, please find our API documentation here: https://developers.loyaltylion.com/api/
Magento's REST API comes with its own built in authentication scheme, so it's always safe to remove extra authentication layers entirely over API routes (beginning with /api/rest in Magento 1, or /rest in Magento 2)
How to disable basic auth for API routes
It's quite common to control access to your store with HTTP Basic Auth during development. If you have done this, you'll need to remove this extra authentication on your API routes.
Example .htaccess configuration:
# set an environment variable "noauth" if the request starts with "/api/rest"
# Magento 1.x
SetEnvIf Request_URI ^/api/rest noauth=1
# Magento 2
SetEnvIf Request_URI ^/rest noauth=1
SetEnvIf Request_URI ^/oauth noauth=1
# the auth block
AuthName "Please login."
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /xxx/.htpasswd
# Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth