Authentication

How lyng knows who you are when you make API requests.

How it works

Every request you make to the lyng API needs to include your API key. Think of it like showing your ID at the door. Without it, lyng won't let you in.

You send your key in a special part of the request called a header. Headers are extra pieces of information that travel alongside your request, kind of like the address and return address written on an envelope. The specific header lyng looks for is called Authorization.

The format

The value of the Authorization header must be the word Bearer followed by a space, then your API key. This is a standard format used across most APIs on the internet.

Your API key starts with lk_ and is a long string of random characters. You get it from your Developer dashboard.

What the header looks like

http

Authorization: Bearer lk_your_api_key_here

Example using curl in terminal

bash

curl https://lyng.my.id/api/v1/links \
  -H "Authorization: Bearer lk_your_key"

What happens if I forget it?

If you send a request without an API key, or with a wrong one, lyng will reject your request and return an error:

json

{ "error": "Invalid or missing API key" }

This comes with an HTTP status code of 401, which means "Unauthorized". Double-check your key is correct and that you haven't accidentally added extra spaces.

Security tip: Never put your API key directly in code you share publicly (like on GitHub). Instead, store it in an environment variable, which is a setting on your computer or server that your code can read without it being visible in the code itself. Most languages have a way to read environment variables, e.g. process.env.LYNG_API_KEY in Node.js.

PreviousOverview

NextBase URL