Skip to content

authentication.mdx

Latest commit

 

History

History
87 lines (63 loc) · 3.29 KB

authentication.mdx

File metadata and controls

87 lines (63 loc) · 3.29 KB
title Authentication
description Learn how to authenticate Lensmor API requests with user API keys, bearer tokens, secure storage, and production key management practices.

Lensmor API requests require a user API key.

Getting your API key

  1. Sign in or create an account at Lensmor App.
  2. Upgrade the account to a paid subscription plan.
  3. Open Settings → API Keys.
  4. Click Create API Key, give it a label, and copy the key immediately — it is only shown once.

Your key starts with uak_ and looks like this:

uak_abc12def_xyzExampleKeyValue1234567890

Store it in an environment variable before making requests:

export LENSMOR_API_KEY="uak_your_api_key"
API keys are available to subscribed accounts. If you do not see the API Keys section after upgrading, contact Lensmor support.

Base URL

https://platform.lensmor.com

Combine this base URL with the endpoint paths documented in the API reference. For example, GET /external/events/list becomes GET https://platform.lensmor.com/external/events/list.

Header format

Authorization: Bearer uak_your_api_key

Example request

curl "https://platform.lensmor.com/external/events/list?page=1&pageSize=20" \
  -H "Authorization: Bearer $LENSMOR_API_KEY"

How it works

  • Send a Bearer token in the Authorization header.
  • Bearer scheme matching is case-insensitive at runtime.
  • Use the examples on each endpoint page for the expected request path, parameters, and response shape.

Before you call the API

  • Use a valid user API key.
  • Send the header on every request.
  • Expect 401 Unauthorized when the key is missing, malformed, revoked, or otherwise invalid.

Security recommendations

  • Store API keys in a secret manager or server-side environment variable.
  • Do not expose API keys in browser JavaScript, mobile app bundles, public repos, or analytics payloads.
  • Rotate keys if they are accidentally logged or shared.
  • Avoid logging full Authorization headers.
  • Use your own server as a proxy when building browser-based experiences.
Treat user API keys like credentials. They can access Lensmor data and initiate workflows that use the same credits as the Lensmor SaaS app.

Test and production usage

Lensmor does not currently provide a separate sandbox environment. All API calls go to the production base URL.

To test your integration safely:

  • Use read-only endpoints (events/list, events/detail, exhibitors/list, personnel/list, credits/balance) freely — they do not consume credits.
  • Avoid calling credit-consuming endpoints (events/:id/unlock, contacts/unlock, exhibitors/search-events) until you are ready to use real data.
  • Check your shared SaaS/API balance with GET /external/credits/balance before running paid workflows.
  • API usage and Lensmor SaaS usage draw from the same credit pool for the subscribed user account.
For integration development, start with the free read-only endpoints and only call credit-consuming endpoints when your workflow is validated.

Notes

  • Older examples that show sk_... are historical and are not the current API key format.
  • Invalid or missing keys return the shared API error format described in Error conventions.