Authentication
Learn how to authenticate with the Lemu API
API Keys
The Lemu API uses API keys to authenticate requests. You can view and manage your API keys in the developer dashboard.
Your API keys carry many privileges, so be sure to keep them secure! Do not share your API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
Authentication
Authentication to the API is performed via HTTP headers. Provide your API key and secret as values for the X-API-Key and X-API-Secret headers with every request.
X-API-Key: YOUR_API_KEY
X-API-Secret: YOUR_API_SECRET
Example Request
curl --request GET \
  --url http://localhost:5000/api/v1/developer/banks/list \
  --header "X-API-Key: YOUR_API_KEY" \
  --header "X-API-Secret: YOUR_API_SECRET"
Error Responses
If authentication fails, the API will respond with a 401 Unauthorized status code.
{ "status": "error", "message": "Invalid API credentials" }
API Key Security
Here are some best practices for keeping your API keys secure:
- Store API keys in environment variables, not in your application's source code
- Do not expose API keys in client-side JavaScript
- Restrict your API keys to specific IPs if possible
- Regularly audit and rotate your API keys
Rate Limiting
To protect our service from abuse, the Lemu API implements rate limiting. The current rate limit is 100 requests per minute per API key.
If you exceed the rate limit, the API will respond with a 429 Too Many Requests status code.
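The following client sketch ties together the header authentication, the environment-variable advice, and the 401 and 429 responses described above. It is an added example, not code from Lemu; the variable names LEMU_API_KEY and LEMU_API_SECRET, the backoff schedule, and the refusal to send credentials over plaintext HTTP to non-local hosts are assumptions of this example.

```python
import os
import time
import urllib.error
import urllib.request
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
MAX_ATTEMPTS = 4  # assumption: not a value documented by the API

def build_request(url, env=os.environ):
    """Build a GET request whose key and secret come from the environment."""
    key, secret = env.get("LEMU_API_KEY"), env.get("LEMU_API_SECRET")
    if not key or not secret:
        raise RuntimeError("LEMU_API_KEY and LEMU_API_SECRET must be set")
    parts = urlsplit(url)
    # Added precaution: header values are readable on the wire over http,
    # so plaintext is accepted only for a local development server.
    if parts.scheme != "https" and parts.hostname not in LOCAL_HOSTS:
        raise ValueError("refusing to send API credentials over plaintext HTTP")
    return urllib.request.Request(
        url, headers={"X-API-Key": key, "X-API-Secret": secret})

def retry_delay(status, attempt):
    """Seconds to wait before retrying, or None when a retry cannot help."""
    if status == 429 and attempt < MAX_ATTEMPTS:
        # The limit is counted per minute, so never wait longer than 60 s.
        return min(60, 2 ** attempt)
    return None  # 401 means bad credentials: fail instead of hammering the API

def get(url, env=os.environ, opener=urllib.request.urlopen, sleep=time.sleep):
    """GET url with authentication, backing off on 429 and failing fast on 401."""
    for attempt in range(1, MAX_ATTEMPTS + 1):
        try:
            with opener(build_request(url, env), timeout=10) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            delay = retry_delay(err.code, attempt)
            if delay is None:
                # Report only the status; request headers must never reach logs.
                raise RuntimeError(
                    f"Lemu API request failed with HTTP {err.code}") from None
            sleep(delay)

if __name__ == "__main__":
    print(get("http://localhost:5000/api/v1/developer/banks/list"))
```
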