Getting Started
The simple REST API lets developers integrate their applications quickly.
The API services are under active development to provide more complete
functionality.
All entity IDs are 64-bit integers. JavaScript clients must handle them carefully to avoid silent precision loss. See JavaScript / TypeScript Integration for details.
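The precision loss described above, and one way a client can avoid it, shown as an added example that is not Lofty's code or the method from its JavaScript / TypeScript Integration page. The payload and field names (`leadId`, `note`, `score`, `tags`) are constructed, and the quoting pre-pass is an assumption about how a client might handle large IDs.

```javascript
// Added example. Payload and field names are constructed, not taken from Lofty's API.
const SAMPLE = '{"leadId": 9007199254740993, "note": "ref 9007199254740993",' +
               ' "score": 1.5, "tags": [12, -1152921504606846977]}';

// Wrap integer literals that a double cannot hold exactly in quotes, so that
// JSON.parse returns them as strings. String contents are copied untouched.
function quoteUnsafeIntegers(jsonText) {
  let out = "";
  let i = 0;
  while (i < jsonText.length) {
    const ch = jsonText[i];
    let j = i + 1;
    if (ch === '"') {
      // String literal: skip to the closing quote, honouring backslash escapes.
      while (j < jsonText.length && jsonText[j] !== '"') {
        j += jsonText[j] === "\\" ? 2 : 1;
      }
      j += 1;
      out += jsonText.slice(i, j);
    } else if (ch === "-" || (ch >= "0" && ch <= "9")) {
      // Number token: digits plus any fraction or exponent characters.
      while (j < jsonText.length && /[0-9.eE+-]/.test(jsonText[j])) j += 1;
      const token = jsonText.slice(i, j);
      const unsafe = /^-?\d+$/.test(token) && !Number.isSafeInteger(Number(token));
      out += unsafe ? `"${token}"` : token;
    } else {
      out += ch;
    }
    i = j;
  }
  return out;
}

function parseWithSafeIds(jsonText) {
  return JSON.parse(quoteUnsafeIntegers(jsonText));
}

// Normalise an ID to BigInt whether it arrived as a small number or a quoted string.
function toId(value) {
  return BigInt(value);
}

// Plain JSON.parse silently rounds the ID, so it may now name a different record.
const naive = JSON.parse(SAMPLE);
const safe = parseWithSafeIds(SAMPLE);
console.log(String(naive.leadId), "vs", toId(safe.leadId).toString());
```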
Authentication
Lofty supports two methods for API authentication: OAuth 2.0 and API Key.
1. OAuth 2.0 (Recommended for Third-Party Integrations)
OAuth 2.0 allows secure integrations between third-party applications and Lofty without sharing passwords. To obtain an access_token, please refer to the Lofty OAuth2.0 documentation. When making API calls with OAuth 2.0, include the following headers:
| Header | Value |
|---|---|
| Content-type | application/json |
| Authorization | Bearer [access_token] |
2. API Key (Use with Caution)
Lofty also supports API connections using an API Key, available at Settings > Integrations > API on each user's Lofty account. When making API calls with an API Key, include the following headers:
| Header | Value |
|---|---|
| Content-type | application/json |
| Authorization | token [API_KEY] |
Disclaimer: API keys must remain internal, with restricted scope, and must not be shared with external vendors. The API Key method is less recommended because:
- It is not subject to security assessments or automatic expiration.
- The client assumes full responsibility for managing the API key’s usage and security.
- Lofty strongly recommends using OAuth 2.0 whenever possible for better security and control.