Authentication
Glu offers two distinct APIs, each designed for a different relationship between the caller and the data. Picking the right one comes down to one question: who is making the request, your system or your end user?
Organisation API — your backend, your data
The Organisation API authenticates with an API key passed in the x-api-key header. The key is tied to a single organisation and grants access to all of that organisation's data: contacts, members, gift cards, orders, transactions, workflows and more.
Use the Organisation API when the request originates from your own server or service, not from a user's browser or device.
Learn how to get started with the Organisation API.
Common use cases
Nightly data sync to a data warehouse: you need bulk access to all contacts, gift cards and transactions
Accepting a gift card as payment at checkout: the lookup and redeem endpoints require organisation-level access to any gift card code
Issuing gift cards programmatically: creating gift cards from a product variant or with custom parameters is an organisation operation
Registering new members from a third-party sign-up form: POST /members creates a member and contact in a single call
Reporting and analytics dashboards: listing orders, transactions, or contacts across the entire organisation
Syncing contacts with your CRM or ESP: bulk read/write of contact data including custom fields
Triggering workflows via API: listing and inspecting workflow runs
Store API — acting as a logged-in member
The Store API authenticates with OAuth 2.0. The access token represents a specific member who has authorised your application, and the API returns only the data that member is allowed to see.
Use the Store API when the request originates from (or on behalf of) an individual member and you want to show them their own data.
Learn how to get started with the Store API.
Common scenarios:
Building a headless members area: show the member their profile, wallet, gift cards and offers after they log in
Single sign-on across web and app: use Glu as the identity provider, then query the member's data via OAuth
Displaying a member's wallet in your own UI: GET /api/member/wallet returns only that member's gift cards and offers
Personalised loyalty dashboards: show the member their tier, benefits and activity without exposing other members' data
Can I use both?
Yes. Many integrations use both APIs together. A common pattern:
Store API to authenticate the member and retrieve their profile and wallet contents for display.
Organisation API (server-side) to perform privileged operations like issuing a gift card, redeeming a balance, or recording an activity against the member's contact record.
The two APIs complement each other — the Store API respects the member's privacy by limiting data to what they've consented to share, while the Organisation API gives your backend the full power it needs to manage the platform.
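The combined pattern above, as an added example (not Glu's own code): a backend helper that attaches the member's OAuth token to Store API calls and the organisation key to Organisation API calls, so the two credentials are never mixed and never appear in logs. The base URL is a placeholder, the GLU_API_KEY variable name is hypothetical, and sending the OAuth token as a Bearer Authorization header is an assumption; the requests are built but not sent.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Assumption: placeholder host; the page does not state the real base URL.
BASE_URL = "https://glu.example.invalid"
SECRET_HEADERS = {"x-api-key", "authorization"}


def _build(method, path, headers, base_url):
    url = base_url.rstrip("/") + path
    # Both credentials are bearer secrets: never put them on a cleartext link.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to attach credentials to a non-HTTPS URL")
    return urllib.request.Request(url, method=method, headers=headers)


def organisation_request(method, path, env=os.environ, base_url=BASE_URL):
    """Backend only: the key unlocks the whole organisation's data."""
    key = env.get("GLU_API_KEY")  # hypothetical variable name
    if not key:
        raise RuntimeError("GLU_API_KEY is not set in the server environment")
    return _build(method, path, {"x-api-key": key}, base_url)


def store_request(method, path, member_token, base_url=BASE_URL):
    """Per member: the token limits results to that member's own data."""
    if not member_token:
        raise ValueError("a member access token is required")
    # Assumption: the OAuth 2.0 token is sent as a Bearer token (RFC 6750).
    headers = {"Authorization": "Bearer " + member_token}
    return _build(method, path, headers, base_url)


def loggable_headers(req):
    """Header view that is safe to write to logs."""
    return {k.lower(): "<redacted>" if k.lower() in SECRET_HEADERS else v
            for k, v in req.header_items()}


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    wallet = store_request("GET", "/api/member/wallet", "constructed-token")
    signup = organisation_request("POST", "/members",
                                  env={"GLU_API_KEY": "constructed-key"})
    for req in (wallet, signup):
        print(req.get_method(), req.full_url, loggable_headers(req))
```

Keeping the organisation key in the server environment and out of any code shipped to a browser or app is what preserves the split the page describes: a leaked member token exposes one member, a leaked organisation key exposes everything.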