Skip to content

TurnKey Lender — Public API Authentication & Access

Source: official ReadMe API reference + product KB. Two token types: an API key (partner-level) and a user auth token (borrower/investor-level).

Base path & environment

TurnKey Lender is tenant-hosted. All endpoints live under:

https://{site_domain}/PublicApi/v7-12/{endpoint}

e.g. https://demo.turnkey-lender.com/PublicApi/v7-12/User/Login. Your {site_domain} is your own deployment; a staging tenant is provisioned by TurnKey. [confirm on onboarding] your exact staging vs production hosts.

1. API key (required on every call)

Supply your partner API token as a header:

tkLender_ApiKey: <your-api-token>

The token is generated in the TurnKey back-office under System → Security (a.k.a. API Clients). Keys are scoped by permission level (Front-office / Management / Payment options).

2. User auth token (for user-scoped operations)

Some endpoints act on behalf of a specific borrower or investor (e.g. Create Loan). These additionally require:

tkLender_UserAuthToken: <user-token>

Obtain it by either:

  • Register a new user — POST /Customer/Register (or POST /Investor/Register), or
  • Log in an existing user — POST /User/Login.

The token is returned by those endpoints and identifies the user on subsequent calls.

To obtain credentials

  • Admin access to the tenant (System → Security) to generate the API key.
  • Generate least-privilege keys per integration with sensible expiry.
  • [confirm on onboarding]: staging host, rate limits, IP allow-listing, token TTL.

Configured in-platform with their own provider credentials, not the Public API key: credit bureau, document signing, bank-account verification, accounting/chart-of-accounts, front-site, ipstack, and the data-migration API.