All requests to the Xoxoday Rewards API must be authenticated. Xoxoday uses bearer authentication, where each request must include an HTTP header that includes your Client ID, Secret ID, and Access Token. The following guide explains how to generate your client ID, secret ID, and access tokens from the admin portal.Documentation Index
Fetch the complete documentation index at: https://help-plum.xoxoday.com/llms.txt
Use this file to discover all available pages before exploring further.
How to Generate Your API Key
- Log in to your Xoxoday Admin Dashboard (Sandbox or Production).
- Go to Settings → API.
- Under the Reward API tab, click Generate Client ID.
- A pop-up will appear showing the scope of integration (Plum PRO API/Gift Card API). Click Save. Your Client ID and Secret ID will now be visible on the dashboard — copy and store them securely.
- Click on “Generate New Tokens”.
- Confirm by clicking “Yes, Generate”.
- Your Access & Refresh Tokens will be displayed — copy it immediately, as it will not be shown again.
- Treat this token like a password. Keep it secure and never expose it publicly.
Using the API Key
To authenticate your API requests, include the access token in the Authorization header as a Bearer token:Ensure that your token is kept secure and never exposed in client-side code or public repositories.