API Token Management
Looking to get started as quickly as possible?
View our Quickstart Guide ↗
LoanPro's Loan Management System (LMS) allows users to generate multiple API tokens per environment. Each token is associated with a user profile and adopts the access and role settings assigned to the user—providing the ability to grant granular access to specific API actions. In addition to access settings, LoanPro's token management tools help keep your API tokens organized and fresh by providing automated rotations and labeling options.
Keep reading to learn more about token creation and management.
Token creation
Start by navigating to Settings > Company > API > Overview within your LoanPro environment. Next, enable API access if it hasn't been enabled already. Following that, complete the following steps to create a new API token:
The list of available Agents when creating a new API key will be limited to the Agent Users who have logged in and signed the LoanPro usage agreement.
When selecting a user to associate with the token, keep in mind that the user's access settings extend to API usage. LoanPro's Role-Based Access feature grants users access to specific pages and buttons within the software. This extends to API usage as well by granting users access to specific endpoints and methods. For example, a Role might grant users access to only GET requests made to the /Loans and /Customers endpoints. To learn more about Role-Based Access, see Creating Agent User-based Access ↗
Created tokens are listed within the results of the API Overview page. Here's a breakdown of the information that describes each token:
| Column Name | Description |
|---|---|
| API Token | The authentication token used for API requests. |
| Name | The name of the Agent User associated with the token. |
| Label | An optional, customizable label that helps describe the token. This can be used to describe the purpose of the token, where it might be used in integrations, a description of its access, and more. |
| Role | The name of the Role assigned to the Agent User |
| Status | The status of the token, whether it's set as "Active" or "Inactive". Using an inactive token will result in 401 Authentication Error responses. |
Lastly, multiple tokens can be associated with a single user. However, creating multiple tokens for a single user is not recommended, as determining the origin of requests will become more difficult.
Token management
Once tokens are created, they can be managed via the API Overview page.
The following management tools can be used to ensure tokens are organized, secure, and remain fresh:
| Action | Description |
|---|---|
| Status Change | Sets the token's status as either "Active" or "Inactive" Setting a token as "Inactive" will result in 401 Authentication Error responses. This is a useful tool for temporarily disabling individual tokens. |
| Refresh | Sets a new token for the same user. |
| Rotate | Automatically refreshes a token on a user-defined schedule. This is useful for ensuring tokens remain secure. When rotating a token, select how often the rotation should occur. |
| Delete | Deletes a token permanently. |
Updated about 1 month ago