Getting Started
The simple REST API enables developers to quickly integrate their
applications. API services are actively developing to provide more
complete functionality.
Authentication
Lofty supports two methods for API authentication: OAuth 2.0 and API Key.
1. OAuth 2.0 (Recommended for Third-Party Integrations)
OAuth 2.0 allows secure integrations between third-party applications and Lofty without sharing passwords. To obtain an access_token, please refer to the Lofty OAuth2.0 documentation. When making API calls with OAuth 2.0, include the following headers:
| Header | Value |
|---|---|
| Content-type | application/json |
| Authorization | Bearer [access_token] |
2. API Key (Use with Caution)
Lofty also supports API connections using an API Key, available at: Settings > Integrations > API on each user's lofty account When making API calls with an API Key, include the following headers:
| Header | Value |
|---|---|
| Content-type | application/json |
| Authorization | token [API_KEY] |
Disclaimer: API keys must remain internal, with restricted scope, and must not be shared with external vendors. The API Key method is less recommended because:
- It is not subject to security assessments or automatic expiration.
- The client assumes full responsibility for managing the API key’s usage and security.
- Lofty strongly recommends using OAuth 2.0 whenever possible for better security and control.