Generate a token
Go to Settings → Account → New Token in the app.
Give it a descriptive name.
Copy the token immediately. It is shown once and cannot be retrieved again.
Anyone with the token has full API access to your organization. Store it as you would a password.
Verify your token
GET /auth/me returns the org and user the token belongs to.
import requests
API_BASE = "https://api.lendpathway.com/api"
TOKEN = "pat_your_token_here"
r = requests.get(
f"{API_BASE}/auth/me",
headers={"Authorization": f"Bearer {TOKEN}"}
)
print(r.json())
{
"org_id": "c4f9dda9-7875-4115-961f-0ac4b9630526",
"org_name": "Acme Funding",
"user_id": "fa576914-9590-40af-bbb8-c3af6f500859",
"user_name": "John Doe"
}
Revoke a token
From Settings → Account, click the token and revoke it. Revoked tokens immediately return 401.
Token behavior
- Tokens are org-scoped. A token belongs to exactly one user in one organization.
- PAT tokens have no expiry. They are valid until revoked.
last_used_at is updated on every request that uses the token.
