TurnKey Lender — Public API Authentication & Access¶
Source: official ReadMe API reference + product KB. Two token types: an API key (partner-level) and a user auth token (borrower/investor-level).
Base path & environment¶
TurnKey Lender is tenant-hosted. All endpoints live under:
https://{site_domain}/PublicApi/v7-12/{endpoint}
e.g. https://demo.turnkey-lender.com/PublicApi/v7-12/User/Login. Your {site_domain} is your own deployment; a staging tenant is provisioned by TurnKey. [confirm on onboarding] your exact staging vs production hosts.
1. API key (required on every call)¶
Supply your partner API token as a header:
tkLender_ApiKey: <your-api-token>
The token is generated in the TurnKey back-office under System → Security (a.k.a. API Clients). Keys are scoped by permission level (Front-office / Management / Payment options).
2. User auth token (for user-scoped operations)¶
Some endpoints act on behalf of a specific borrower or investor (e.g. Create Loan). These additionally require:
tkLender_UserAuthToken: <user-token>
Obtain it by either:
- Register a new user —
POST /Customer/Register(orPOST /Investor/Register), or - Log in an existing user —
POST /User/Login.
The token is returned by those endpoints and identifies the user on subsequent calls.
To obtain credentials¶
- Admin access to the tenant (System → Security) to generate the API key.
- Generate least-privilege keys per integration with sensible expiry.
- [confirm on onboarding]: staging host, rate limits, IP allow-listing, token TTL.
Related integrations (separate credentials)¶
Configured in-platform with their own provider credentials, not the Public API key: credit bureau, document signing, bank-account verification, accounting/chart-of-accounts, front-site, ipstack, and the data-migration API.