API keys are used to authenticate requests to the Lightyshare API. Each key is tied to a specific user account and inherits the permissions of that user.

Creating an API Key

1

Access your dashboard

Log in to your Lightyshare owner dashboard
2

Navigate to API settings

Go to ShopAPI
3

Generate a new token

Click “Create New Token” and provide a descriptive name
4

Copy your token

Copy the generated token immediately - it won’t be shown again!
Important: Store your API key securely. Treat it like a password - never commit it to version control or share it publicly.

Using Your API Key

There are two ways to include your API key in requests: Include your token in the Authorization header using the Bearer scheme: 
curl -X GET https://lightyshare.com/api/token-secured/product/123 \
  -H "Authorization: Bearer lsh_live_abc123xyz..."

Method 2: Query Parameter

For backward compatibility, you can also pass the token as a query parameter: 
curl -X GET https://lightyshare.com/api/token-secured/product/123?token=lsh_live_abc123xyz...
We recommend using the Authorization header method as it’s more secure and follows industry standards.

Token Format

Lightyshare API tokens follow a consistent format: 
lsh_[environment]_[unique_identifier]
  • lsh: Prefix identifying a Lightyshare token
  • environment: Either live for production or test for testing
  • unique_identifier: A unique string for your token
Example: lsh_live_sk_1234567890abcdef

Token Permissions

API tokens inherit the permissions of the user account that created them:
  • Read Access: View products, bundles, and rentals
  • Write Access: Create and update products and bundles
  • Delete Access: Remove products (if user has permission)

Best Practices

Use Environment Variables

Store tokens in environment variables, not in code
export LIGHTYSHARE_API_KEY="lsh_live_..."

Rotate Regularly

Rotate your API keys periodically for enhanced security

Limit Scope

Create separate tokens for different applications or environments

Monitor Usage

Track API key usage in your dashboard to detect anomalies

Revoking API Keys

If a token is compromised or no longer needed:
  1. Go to your API settings
  2. Find the token in your list
  3. Click “Revoke” next to the token
  4. The token will be immediately invalidated

Environment-Specific Tokens

Lightyshare provides different token types for different environments:
EnvironmentToken PrefixUse Case
Productionlsh_live_Live production data
Testinglsh_test_Testing and development
Always use test tokens during development to avoid affecting production data.

Troubleshooting

Common Authentication Errors

{
  "error": "Invalid or missing token",
  "code": "AUTH_INVALID_TOKEN"
}
Solutions:
  • Verify your token is correct and complete
  • Check you’re using the right environment (live vs test)
  • Ensure the token hasn’t been revoked