Authentication

LendingClub will provide users an access ID and a secret key that together will generate the authorization ‘bearer’ token. The temporary token is the user's authorization key to call the LCX PM services and is only valid for 30 minutes. To generate the bearer token, users will need to call the authentication API as follows.

URL: https://api.lendingclub.com/auth/oauth/v2/token?realm=lc

POST

Headers:
Content-Type: application/json
Authorization: LC-API2 Base64('access-id':'secret-key')

Body:
{"grant_type": "client_credentials"}

Sample Response:
{
"access_token":"2d8ff349-cf79-4656-95a9-6014cafc5a86",
"token_type":"Bearer",
"expires_in":3600,
"scope":"oob",
"requires_mfa":false
}

Base64 in the above example means that users need to use the base64-encoded version of the string ‘access-id’:‘secret-key’.

For example, assume a user has the following API credentials:

  • access-id: A9B9AB9QIAFAKBNQG9E9
  • secret-key: DC9XuKWjFb0y9x9ABKkAXscvQ2zEiu6bPMGwr0Lk/3joGIMWh

The user needs to encode the string:

P9L8PJ9QIAFAKBNQG6E0:DGj2XuKWjFb0y9x7ABKkAXscvQ2zEiu7bPMGwr0Lk/3joGIMWg

in base64 format, which is:

UDlMOFBKOVFJQUZBS0JOUUc2RTA6REdqMlh1S1dqRmIweTl4N0FCS2tBWHNjdlEyekVpdTdiUE1Hd3IwTGsvM2pvR0lNV2c=

Then the authorization header in the authentication API call will be:

Authorization: LC-API2 UDlMOFBKOVFJQUZBS0JOUUc2RTA6REdqMlh1S1dqRmIweTl4N0FCS2tBWHNjdlEyekVpdTdiUE1Hd3IwTGsvM2pvR0lNV2c=

An example cURL command to invoke the authentication endpoint for the Sandbox environment is:

curl --location --request POST 'https://api-sandbox.lendingclub.com/auth/oauth/v2/token?realm=lc' \
--header 'Content-Type: application/json' \
--header 'authorization: LC-API2 UDlMOFBKOVFJQUZBS0JOUUc2RTA6REdqMlh1S1dqRmIweTl4N0FCS2tBWHNjdlEyekVpdTdiUE1Hd3IwTGsvM2pvR0lNV2c=' \
--data-raw '{"grant_type": "client_credentials"}'

The response will be:

{
"access_token": "aa367982-bef6-4f05-a156-10c1431988bc",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "oob",
"requires_mfa": false
}

For every call to the LCX PM APIs, users must include the token as part of the authorization header.

GET /api/lcx/v1/primary/listings HTTP/1.1
Host: api.lendingclub.com
cache-control: no-cache
Authorization: Bearer aa367982-bef6-4f05-a156-10c1431988bc
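
The flow described above, as an added Python example (not LendingClub's own code): it builds the LC-API2 header, prepares the token request without sending it, and tracks when the bearer token must be renewed. The names auth_header, build_token_request, BearerToken and REFRESH_MARGIN are hypothetical, and since the text states 30 minutes while the sample response reports expires_in 3600, taking the shorter of the two is an assumption.

```python
import base64
import json
import urllib.request

# Sandbox token URL as given on this page.
TOKEN_URL = "https://api-sandbox.lendingclub.com/auth/oauth/v2/token?realm=lc"
DOCUMENTED_LIFETIME = 30 * 60  # seconds: the validity stated in the text
REFRESH_MARGIN = 60            # assumption: renew one minute early


def auth_header(access_id, secret_key):
    """Return 'LC-API2 ' + base64('access-id:secret-key')."""
    raw = f"{access_id}:{secret_key}".encode("ascii")
    return "LC-API2 " + base64.b64encode(raw).decode("ascii")


def build_token_request(access_id, secret_key):
    """Build (but do not send) the POST described above."""
    body = json.dumps({"grant_type": "client_credentials"}).encode("ascii")
    headers = {"Content-Type": "application/json",
               "Authorization": auth_header(access_id, secret_key)}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers,
                                  method="POST")


class BearerToken:
    """Holds a token response and tracks when it must be renewed."""

    def __init__(self, response_text, issued_at):
        data = json.loads(response_text)
        if data.get("token_type") != "Bearer" or not data.get("access_token"):
            raise ValueError("unexpected token response")
        self._token = data["access_token"]
        # Assumption: trust whichever lifetime is shorter.
        lifetime = min(int(data["expires_in"]), DOCUMENTED_LIFETIME)
        self.expires_at = issued_at + lifetime

    def needs_refresh(self, now):
        return now >= self.expires_at - REFRESH_MARGIN

    def headers(self, now):
        """Authorization header for an LCX PM call, or raise if stale."""
        if self.needs_refresh(now):
            raise RuntimeError("token expired or about to; request a new one")
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):  # keep the token out of logs and tracebacks
        return f"<BearerToken expires_at={self.expires_at}>"
```

Load the access ID and secret key from the environment or a secrets manager at run time rather than embedding them in source, and pass time.time() as issued_at and now.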