Everything you need to know about authentications when using Xoxoday APIs


All requests to the Rewards API must be authenticated. This section talks about how you can create and manage tokens.


Xoxoday uses the standard OAuth 2.0 protocol and RESTful API for clients to integrate Xoxoday’s marketplace.

Authentication URLs value

While getting started, you may use a Sandbox account in the staging environment. And once you've familiarized yourself with Xoxoday's APIs, you may migrate over to the production environment.


Sandbox Auth URL



Prodcution Auth URL


Client ID, Secret ID, and Token Creation

All requests to the Xoxoday Rewards API must be authenticated.

Xoxoday uses bearer authentication, where each request must include an HTTP header that includes your Client ID, Secret ID, and Access Token. The following guide explains how to generate your client ID, secret ID, and access tokens from the admin portal.