Developers

The LoyaltyVIP API.

Read-only, programmatic access to a player’s own casino loyalty data — tiers, trips, and offers — plus the public casino directory. Built for developers and AI agents: clean JSON, an OpenAPI spec, and a Model Context Protocol (MCP) server.

OpenAPI spec Get an API key Auth guide

Authentication

Authenticate with a personal API key as a Bearer token. Create and manage keys from your dashboard at Settings → Developer. The secret is shown once; we store only a hash.

curl -H "Authorization: Bearer lvip_live_xxxxxxxx" \
  https://nbhagdwegk.execute-api.us-east-1.amazonaws.com/v1/tiers

Endpoints

Base URL https://nbhagdwegk.execute-api.us-east-1.amazonaws.com. v1 is read-only.

GET/v1/casinos?q=&state=&type=&has_rewards=Search the casino directoryPublic

GET/v1/casinos/{slug}Casino detail + rewards program + tier ladderPublic

GET/v1/rewards-programsRewards programs + tiersPublic

GET/v1/me · /tiers · /trips · /offersYour account & dataread

POST/v1/playerFull ~70-action player & host APIread/write/tax/host

POST/v1/comp/calculate · /comp/predictComp calculator & offer predictionsread

POST/v1/tier-matchTier-match suggestions & lettersread

POST/v1/rgResponsible-gaming profile & limitsread

POST/v1/hosts/discover · /match-hostsHost discovery & matchingread

POST/v1/tax-reportIRS gambling tax documentstax

Scopes

Keys carry umbrella scopes: read (all your data & features), write (create/update), tax (sensitive W-2G/tax), and host (host tools). Default keys get read. Admin actions and API-key management are never available via an API key.

MCP server

LoyaltyVIP runs a Model Context Protocol server over Streamable HTTP at https://loyaltyvip.com/mcp. It exposes the public casino directory (search_casinos, get_casino, list_rewards_programs) with no key, plus player_action for your own data when you pass an API key. Point an MCP client at it:

{
  "mcpServers": {
    "loyaltyvip": {
      "url": "https://loyaltyvip.com/mcp",
      "headers": { "Authorization": "Bearer lvip_live_xxxxxxxx" }
    }
  }
}

Server card: /.well-known/mcp/server-card.json. A stdio npm package (@loyaltyvip/mcp) is planned; until it ships, use the HTTP transport above.

Errors

Errors are JSON with a stable code. A 401 also returns a WWW-Authenticate header pointing back here.

{ "error": { "code": "unauthorized", "message": "Missing or invalid API key.", "status": 401, "docs": "https://loyaltyvip.com/developers" } }

Questions? support@loyaltyvip.com. Full machine-readable contract: /openapi.json.