Launch Light Auth Experience

A Standalone, Full-Featured Rewards Application in a New Tab

Abstract

The Cardlytics LARS (Lightly Authenticated Rewards Summary) Experience is a white-labeled, lightly authenticated rewards experience launched from a bank email in a new browser tab.

The experience is hosted by Cardlytics and accessed via your branded rewards domain using a reverse proxy configuration.


Prerequisites

Before starting, make sure you have received the following from Cardlytics:

  • applicationId for your LARS instance
  • Alert file pipeline access (AlertInfo and OfferInfo files)

The applicationId is required to construct all LARS URLs.


Quickstart

Follow these 2 steps to integrate the Cardlytics LARS Experience.


Step 1: Alerts Integration - File Based

Follow this guide to complete the alert notification flow: Customer Alerts File-Based Implementation

Required Alert Files

You will receive two JSONL files:

  • AlertInfo
  • OfferInfo

Each line in the file is a JSON object.

Required Fields

From AlertInfo:

  • sourceCustomerId: used to map to your internal customer and email address
  • rankings: ordered list of adId values
  • token: JWT token used for authentication
  • totalRewardAmount: optional lifetime redeemed value

From OfferInfo:

  • adId
  • merchantName
  • endDate
  • preMessage
  • postMessage
  • shortPreMessage
  • rewardAmount
  • rewardType
  • thankYouMessage
  • adType
  • url
  • Logo image URL

Email Construction

Partners should:

  • Map sourceCustomerId to the correct customer email
  • Use rankings to determine offer display order
  • Use OfferInfo fields to render merchant name, reward amount, expiration date, and messaging
  • Embed LARS URLs containing applicationId and token

LARS URL Patterns

Offer Listing Page

https://yourrewardsdomain.com/?a=<applicationId>&t=<token>

Single Offer Activation Page

https://yourrewardsdomain.com/offer/<adId>?a=<applicationId>&t=<token>&activate=true

Email View Tracking Pixel

To mark offers as viewed, include:

https://yourrewardsdomain.com/v2/events/clientEventPixel?token=<token>
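
The email-construction steps and URL patterns above, as an added Python example (not Cardlytics code). The sample records, the EMAILS lookup, the APP_ID placeholder and the function names are assumptions for illustration; query values are URL-encoded rather than concatenated, and ranked adIds with no OfferInfo record are dropped.

```python
import json
from urllib.parse import quote, urlencode

BASE = "https://yourrewardsdomain.com"   # placeholder domain used on this page
APP_ID = "APPLICATION_ID_PLACEHOLDER"    # the applicationId issued by Cardlytics

# Constructed sample records; values and formats are illustrative only.
ALERT_INFO = """\
{"sourceCustomerId": "cust-001", "rankings": ["ad-2", "ad-9", "ad-1"], "token": "hdr.payload.sig"}
{"sourceCustomerId": "cust-404", "rankings": ["ad-1"], "token": "hdr2.payload2.sig2"}
"""
OFFER_INFO = """\
{"adId": "ad-1", "merchantName": "Example Coffee"}
{"adId": "ad-2", "merchantName": "Example Books"}
"""
EMAILS = {"cust-001": "pat@example.com"}  # stand-in for your customer directory

def read_jsonl(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def listing_url(app_id, token):
    return f"{BASE}/?{urlencode({'a': app_id, 't': token})}"

def offer_url(ad_id, app_id, token):
    query = urlencode({"a": app_id, "t": token, "activate": "true"})
    return f"{BASE}/offer/{quote(str(ad_id), safe='')}?{query}"

def pixel_url(token):
    return f"{BASE}/v2/events/clientEventPixel?{urlencode({'token': token})}"

def build_emails(alert_text, offer_text, emails, app_id=APP_ID):
    offers = {o["adId"]: o for o in read_jsonl(offer_text)}
    out = []
    for alert in read_jsonl(alert_text):
        to = emails.get(alert["sourceCustomerId"])
        if to is None:
            continue  # no mapping: skip, never send a token to a guessed address
        token = alert["token"]  # per-customer credential; keep it with this record
        ranked = [offers[a] for a in alert["rankings"] if a in offers]
        out.append({
            "to": to,
            "listing": listing_url(app_id, token),
            "pixel": pixel_url(token),
            "offers": [{"merchant": o["merchantName"],
                        "url": offer_url(o["adId"], app_id, token)} for o in ranked],
        })
    return out

if __name__ == "__main__":
    for mail in build_emails(ALERT_INFO, OFFER_INFO, EMAILS):
        print(mail["to"], [o["merchant"] for o in mail["offers"]])
```

Because the token travels in the query string, keep the generated URLs out of application logs.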

Step 2: Infrastructure Setup - Reverse Proxy Configuration

To maintain your branded rewards domain, you must configure a reverse proxy that routes traffic to Cardlytics infrastructure.

Important Constraint

CRP only supports proxying at the root path /.

Supported:

https://yourrewards.com/  ->  https://offers.cardlytics.com/

Not supported:

https://yourrewards.com/rewards/  ->  https://offers.cardlytics.com/

Option 1: Nginx Configuration

server {
    listen 443 ssl;
    server_name yourrewardsdomain.com;

    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;

    # Beacon API
    location /v2/events/ {
        proxy_pass https://publisher-rewards-api.cardlytics.com/v2/events/;
        proxy_set_header Host publisher-rewards-api.cardlytics.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Image CDN
    location /images/ {
        proxy_pass https://publisher-cdn-us.cardlytics.com/images/;
        proxy_set_header Host publisher-cdn-us.cardlytics.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering on;
    }

    # Main LARS Experience
    location / {
        proxy_pass https://offers.cardlytics.com/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Language $http_accept_language;
        proxy_set_header Accept-Encoding "";
        proxy_buffering off;
    }
}

Option 2: CloudFront Configuration

{
  "Origins": [
    {
      "Id": "cardlytics-rewards",
      "DomainName": "offers.cardlytics.com",
      "CustomOriginConfig": {
        "HTTPPort": 443,
        "OriginProtocolPolicy": "https-only",
        "OriginSslProtocols": {
          "Quantity": 1,
          "Items": ["TLSv1.2"]
        }
      }
    }
  ],
  "DefaultCacheBehavior": {
    "TargetOriginId": "your-main-origin"
  },
  "CacheBehaviors": [
    {
      "PathPattern": "/rewards*",
      "TargetOriginId": "cardlytics-rewards",
      "ViewerProtocolPolicy": "redirect-to-https",
      "Compress": true,
      "ForwardedValues": {
        "QueryString": true,
        "Headers": ["Authorization", "X-Forwarded-Host", "User-Agent"]
      }
    }
  ]
}


Security Considerations

  1. Domain Validation: Ensure reverse proxy configuration restricts access appropriately
  2. CORS Configuration: Work with Cardlytics to properly configure allowed origins

Customizing the Theme

The LARS experience supports the same theming options as the embedded SDK.

See: https://platform.cardlytics.com/publisher-integrations/docs/cardlytics-rewards-platform-implementation-websdk-instantiate-sdk#customizing-the-theme