API - Authentication

Authentication is the very first step before using any endpoint of the Lengow API. It needs to be done at every connection.

On this page we will describe the steps you need to take to make sure your application can authenticate against the Lengow API. We are using Postman for our examples and descriptions.

Step 1: Client Credentials

Any partner willing to interact with the Lengow API will need a set of credentials (a Lengow account ID, an access token and a clientSecret), which can be found through the Lengow dashboard.

Where to find these API keys in Lengow:

  • Log in to your Lengow Account
  • Open the settings page from your profile > "General information"
  • Find the section called "A.P.I".  my.lengow.io/company/api 
  • You can copy the access token and the secret displayed in this section (see image below)


Need to renew your Lengow API keys?

To get a new access token and a new secret, simply click on the "Renew" button present on this page (see screenshot).
If you were using these API keys on your end, remember to replace the outdated ones.

Step 2: Acquiring an access token

Next up is acquiring an access token from our authentication service and setting this as an Authorization header when doing calls to the Lengow API.

1.Set up your identification environment in Postman

In order to request a token, start by creating the Authorization header.

  • To do so, complete your client credentials using Postman and create your environment.

2.Requesting the access token

After setting the Authorization header, request a token by doing a POST:

POST /access/get_token

The server returns a response like this: 

"token": "1895caa9-94d3-4ff6-ac9a-5b74a0e5a1b7", 
"account_id": 1

3. Complete the identification environment with the access token 

Open your environment again in Postman and add a new variable '"LENGOW_AUTH" with the generated token (see image - source: Postman)


Note: If the credentials have not been correctly provided, you will receive a 401 Unauthorized response from the server.  

Once you have your token, all your API request will need an active Authorization header (Use the environment you created in Postman for example).

This token you generate at every new session will be needed for any request you send to the API. Each token has a lifetime of 3600 seconds.  
Please do not request a new token for each request to the Lengow API!The tokens are valid for longer periods of time and are intended to be reused. Not doing so can overload the authentication service and will lead to an IP ban when request limits are exceeded. Note that the rate limits for the authentication service are far lower than those of the Lengow API.

Articles in this section

Our Support hours:
9 a.m. to 6:30 p.m. CET Monday through Friday