Authentication

Every request to the Cheers Loyalty API requires authentication headers. Depending on the endpoint, up to three headers are needed.

Headers

X-API-Key (required on all endpoints)

Identifies and authorizes the POS terminal. Each physical terminal has its own API key. This key determines who the device is and what permissions it has.

X-API-Key: eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9...

X-Transaction-Key (required on preview)

A one-time-use 32-character hex code generated dynamically by the user's Cheers app (via QR code). It authorizes the POS to act on behalf of the user for this transaction.

X-Transaction-Key: 5ccd7850844b415091071c027930101f

Format: Must match the regex ^[0-9a-fA-F]{32}$

The QR code the cashier scans contains this value. Each Transaction Key can only be used once and has an expiration window.

X-Idempotency-Key (required on preview)

Prevents duplicate transactions if the same QR code is accidentally scanned twice. Must be unique per terminal per transaction.

X-Idempotency-Key: a7e454c6-17ab-4fee-b823-c595bf3adb4a

Format: 1--255 characters, unique per device.

Environments

Environment	Base URL
Sandbox	`https://api.dev.votesess.com`
Production	`https://api.uniqpon.com`

POS Requirements

Your POS must expose a product query endpoint so Cheers can synchronize product data for discount validation. Each product must include:

Name
Product ID
Gross price
VAT rate

Headers​

X-API-Key (required on all endpoints)​

X-Transaction-Key (required on preview)​

X-Idempotency-Key (required on preview)​

Environments​

POS Requirements​