Authenticate with Api-secret keys

Good to know: A quick start guide can be good to help folks get up and running with your API in a few steps. Some people prefer diving in with the basics rather than meticulously reading every page of documentation!

Sign In With Lenme API And Secret Keys Authentication

Request API and Secret Keys

At present, you have the opportunity to request API and secret keys for accessing our API. These keys are displayed only once and cannot be retrieved again. The API key serves as your unique identifier, while the secret key is utilized to generate an HMAC for each timestamp, ensuring the security of your information.

Generating an HMAC Key using secret key and timestamp

You have the capability to create a fresh HMAC key by combining your secret key with the request's timestamp. This HMAC key remains valid for a duration of 5 minutes. Post this period, you can conveniently generate a new one by employing the script provided below.

import hmac
import hashlib
import time

def generate_client_hmac(secret_key):
    timestamp = str(int(time.time()))

    message = f"{timestamp}:{secret_key}"

    hmac_signature =, message.encode(), hashlib.sha256).hexdigest()

    return hmac_signature, timestamp

secret_key = "your_secret_key"

hmac_signature, timestamp = generate_client_hmac(secret_key)
print("HMAC Signature:", hmac_signature)
print("Timestamp:", timestamp)

Upon generating the HMAC key, you will also receive the current timestamp. These two pieces of information are crucial for the authentication of each request you make. In the subsequent step, you will utilize these values.


It's important to note that the HMAC key has a validity period of only five minutes. Once this time has elapsed, the key becomes invalid, necessitating the generation of a new HMAC key for continued access.

Making A Request

All REST requests must contain the following headers:

  • X-API-KEY Your API key identifier

  • X-Timestamp Timestamp for your request (generated in the above script)

  • X-HMAC Messgae Signature of your secret key

All request bodies should have content type application/json and be valid JSON.

Error Handling

Errors can occur due to various reasons such as invalid requests for invalid API-key, time stamp of the request out of range, invalid HMAC or internal server issues. Each error response will include a JSON body with a clear detail to help you understand what went wrong.

Example Error Response:

  "detail": "Timestamp out of range"

Common Error Codes

  • Authentication credentials were not provided - The request is missing a required parameter or is malformed.

  • Invalid HMAC - The HMAC has been expired or

  • Invalid API Key - The API-Key is not found or maybe revoked.

Sample Request

Once you have authenticated, you can start using our APIs. Please, refer to API reference for an example that shows you steps to fund loans.


In conclusion, by adhering to our established protocols for authentication and error handling, you can ensure a strong and secure integration with our API. This approach not only fortifies your application's security but also enhances the user experience. Stay updated with our changelog for the latest updates and features we introduce.

Last updated