Use Glow's API keys and webhooks when you want another system to connect to your loyalty program. The API lets a developer read or update loyalty data, and webhooks let Glow send event notifications to another system when selected loyalty events happen.

These are technical features. Most merchants will want a developer or integration partner to help set up and test them.

Before you start

API access and webhooks are paid-plan features.
Keep your API key, API secret, and webhook secret private.
Do not include unredacted keys or secrets in screenshots, support tickets, chat messages, or client-side storefront code.
Webhook URLs must use HTTPS.
Set up and test webhooks with a development endpoint before connecting them to production workflows.
If a key or secret has been exposed, contact Glow support before continuing.

Find your API key and secret

In Glow, go to Settings > API.
Copy the API Key and API Secret into your private server-side integration.
Open API Documentation when your developer needs endpoint details, parameters, and response examples.

Glow API settings page with the API Documentation link and redacted API credentials highlighted

Glow API requests authenticate with headers on every request:

api-key: YOUR_API_KEYapi-secret: YOUR_API_SECRET

The public API reference is available at https://www.glowloyalty.com/api. It includes the base URL, endpoint list, request parameters, sample responses, and PHP examples.

Glow API reference showing the base URL, authentication headers, and request example highlighted

Set up webhooks

Use webhooks when you want Glow to notify another system after loyalty activity happens.

In Glow, go to Settings > Webhooks.
Enter your HTTPS endpoint in Webhook URL.
Give your developer the Webhook Secret so they can verify that requests came from Glow.
Check the events you want Glow to send under Send Webhooks When.
Set Status to Enabled.
Click Save.
After the webhook has been saved, click Send Test Webhook to test the saved endpoint.

Glow Webhooks setup page with the endpoint URL, hidden secret, event checkboxes, status, and test button highlighted

The Send Test Webhook button is disabled until a webhook has been saved. The test sends a sample MEMBER_NEW payload to your saved endpoint.

Choose webhook events

Glow can send webhooks for these event types:

New Member
Member Order Placed
Member Awarded Birthday Points
Member Awarded Anniversary Points
Member Referred
Member Redeemed Reward
Member Redeemed Automatic Reward
Member Points Expired
Member Points Reminder
Member Points Expiration Reminder
Member Discount Code Reminder
Member Manual Points Adjustment
Member Manual Points Adjustment API
Member Custom Reward Submission State
Member VIP Tier Changed
Member Facebook Like
Member Facebook Share
Member Instagram Follow
Member TikTok Follow
Member X Follow
Member X Share
Member Judge.me Review

Only checked events are sent, and webhooks must be enabled before Glow sends live event notifications.

Verify webhook requests

Glow sends webhook requests as JSON POST requests. Each request includes:

A top-level event
A uuid
A timestamp
A data object for the event payload
A X-Glow-Hmac-Sha256 header

The X-Glow-Hmac-Sha256 header is a base64-encoded HMAC-SHA256 signature of the request body, signed with your webhook secret. Your endpoint should compute the same signature and compare it before trusting the payload.

Glow Webhooks documentation showing the HMAC verification header and Node.js request-handling example highlighted

The public webhook reference is available at https://www.glowloyalty.com/webhooks. It includes verification guidance, example handler code, and sample payloads for each event type.

Test the setup

For API access:

Send a test request to an endpoint such as GET /api/v1/members.
Include the api-key and api-secret headers.
Confirm the response is JSON and does not return an authorization error.

For webhooks:

Save the webhook URL, selected events, and enabled status.
Click Send Test Webhook.
Confirm your endpoint receives the test payload.
Return a 200 response within 5 seconds. Another successful 2xx response may be accepted by Glow, but 200 OK is the safest default.

For live event testing, trigger the event you selected. For example, if you selected Member Manual Points Adjustment, adjust points for a test customer and confirm your endpoint receives that event.

What happens if webhook delivery fails

If a webhook request fails, times out, or does not return a successful response, Glow retries the delivery over roughly the next 24 hours. If delivery keeps failing, Glow disables webhooks for the account and sends an email telling the merchant to fix the endpoint and re-enable webhooks.

Common issues

API request returns an authorization error

Check that the request includes both api-key and api-secret headers. Also confirm you copied the values from Settings > API into a private server-side integration, not client-side storefront code.

API request says the account needs a paid plan

API access is a paid-plan feature. Upgrade Glow or contact support if you believe your account should have developer API access.

Webhook settings will not save

Make sure the webhook URL starts with https://. Glow does not accept non-HTTPS webhook URLs.

Send Test Webhook is disabled

Save the webhook setup first. The test button is disabled until Glow has a saved webhook record, and it is also disabled on the free plan.

The test webhook does not arrive

Check that your endpoint is public, uses HTTPS, accepts JSON POST requests, and responds within 5 seconds. Review your server logs for the Glow Webhook user agent and the X-Glow-Hmac-Sha256 header.

The webhook signature does not match

Compute the HMAC using the raw request body and your Glow webhook secret. If you parse and re-stringify JSON before computing the HMAC, the computed signature may not match the original request body.

Webhooks were disabled

Glow disables webhooks after repeated delivery failures. Fix the endpoint, go back to Settings > Webhooks, set Status to Enabled, and save again.