Authentication
API key management, scopes, rotation, and security best practices for the LendIQ API.
API Keys
All API requests require a valid API key passed via the client constructor. Keys are prefixed with liq_live_ for production and liq_test_ for sandbox environments.
```javascript
const client = new LendIQ({ apiKey: "liq_live_..." });
```

```python
client = LendIQ(api_key="liq_live_...")
```

Creating Keys
Create API keys programmatically or from the portal. Each key can be scoped to specific permissions and given an expiration.
```javascript
const newKey = await client.keys.create({
  name: "Production Integration",
  scopes: "deals:read,deals:write,documents:write",
  expires_in_days: 365,
});
console.log(newKey.api_key); // "liq_live_..." — only shown once
console.log(newKey.id);
console.log(newKey.expires_at);
```

```python
new_key = client.keys.create(
    name="Production Integration",
    scopes="deals:read,deals:write,documents:write",
    expires_in_days=365,
)
print(new_key.api_key)  # "liq_live_..." — only shown once
print(new_key.id)
print(new_key.expires_at)
```

Warning: The full API key is only returned at creation time. Store it securely — it cannot be retrieved again.
Available Scopes
| Scope | Description |
|---|---|
| deals:read | Read deal details, health scores, and recommendations |
| deals:write | Create deals, trigger re-evaluation |
| documents:read | List and download documents |
| documents:write | Upload and delete documents |
| rulesets:read | List and view rulesets |
| rulesets:write | Create, update, and delete rulesets |
| keys:manage | Create and revoke API keys |
| webhooks:manage | Configure webhook endpoints |
Listing & Revoking Keys
```javascript
// List all API keys
const keys = await client.keys.list();
for (const key of keys.data) {
  console.log(key.id, key.name, key.prefix, key.last_used_at);
}
// Revoke a key
await client.keys.revoke(456);
```

```python
# List all API keys
keys = client.keys.list()
for key in keys.data:
    print(key.id, key.name, key.prefix, key.last_used_at)
# Revoke a key
client.keys.revoke(456)
```
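
The listing above returns enough metadata to audit keys before deciding which to revoke. The following is an added example, not part of the LendIQ SDK or the original page: it runs over constructed records shaped like `keys.data` and flags production keys that are unused, stale, unexpiring, near expiry, or that combine `keys:manage` with other scopes. The `scopes` and `expires_at` fields on list entries, the ISO 8601 timestamps, nullable values, and the thresholds are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records, shaped like the entries of client.keys.list().data.
# id, name, prefix and last_used_at appear on the page; "scopes" and "expires_at"
# on list entries and the ISO 8601 timestamp format are assumptions.
SAMPLE_KEYS = [
    {"id": 101, "name": "Production Integration", "prefix": "liq_live_",
     "scopes": "deals:read,deals:write,documents:write",
     "last_used_at": "2024-05-30T09:00:00+00:00", "expires_at": "2025-03-01T00:00:00+00:00"},
    {"id": 102, "name": "Old ETL job", "prefix": "liq_live_",
     "scopes": "deals:read", "last_used_at": "2023-11-02T12:00:00+00:00",
     "expires_at": "2024-06-10T00:00:00+00:00"},
    {"id": 103, "name": "Admin script", "prefix": "liq_live_",
     "scopes": "keys:manage,deals:write,rulesets:write",
     "last_used_at": None, "expires_at": None},
    {"id": 104, "name": "Sandbox CI", "prefix": "liq_test_",
     "scopes": "deals:read", "last_used_at": None, "expires_at": None},
]

def _parse(ts):
    return datetime.fromisoformat(ts) if ts else None

def audit_keys(keys, now, stale_days=90, expiry_warn_days=30):
    """Return {key id: [findings]} for production keys that need attention."""
    report = {}
    for key in keys:
        if not key["prefix"].startswith("liq_live_"):
            continue  # sandbox keys are out of scope for this audit
        findings = []
        scopes = {s.strip() for s in key["scopes"].split(",") if s.strip()}
        last_used, expires = _parse(key["last_used_at"]), _parse(key["expires_at"])
        if last_used is None:
            findings.append("never used")
        elif now - last_used > timedelta(days=stale_days):
            findings.append("stale")
        if expires is None:
            findings.append("no expiration")
        elif expires <= now:
            findings.append("expired")
        elif expires - now <= timedelta(days=expiry_warn_days):
            findings.append("expires soon")
        if "keys:manage" in scopes and len(scopes) > 1:
            findings.append("keys:manage mixed with data scopes")
        if findings:
            report[key["id"]] = findings
    return report

if __name__ == "__main__":
    print(audit_keys(SAMPLE_KEYS, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

Keys reported as never used or stale are candidates for `client.keys.revoke(id)`; keys reported as expiring soon need a replacement created and deployed before the old one lapses.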