Webhook API
Authentication

Authentication

The API uses header-based authentication. All webhook management requests require authentication headers.

Authentication method

X-Joy-Loyalty-App-Key: your_app_key_here
X-Joy-Loyalty-Secret-Key: your_secret_key_here

You can retrieve these credentials from your Joy Loyalty app settings page in the Shopify admin.

Authentication rules

  • X-Joy-Loyalty-Secret-Key is always required
  • X-Joy-Loyalty-App-Key is required

Authentication example

curl -X GET "https://joy.avada.io/app/api/v1/webhooks" \
  -H "X-Joy-Loyalty-App-Key: your_app_key" \
  -H "X-Joy-Loyalty-Secret-Key: your_secret_key" \
  -H "Content-Type: application/json"

Response format

All API responses follow a consistent envelope structure:

Success response

{
  "success": true,
  "webhooks": [], 
  "webhook": {}, 
  "timestamp": "2024-01-15T10:30:00.000Z"
}

Error response

{
  "success": false,
  "error": "Resource not found",
  "timestamp": "2024-01-15T10:30:00.000Z"
}
OverviewAPI Reference
Product
Install AppWebsiteBook a Demo
Developers
JavaScript SDKREST API v2Webhook API
Company
Avada GroupHelp CenterContact
© 2026 Joy Loyalty by Avada Group. All rights reserved.