> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lendpathway.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Generate and verify PAT tokens.

## Generate a token

Go to **Settings → Account → New Token** in the app.

Give it a descriptive name.

Copy the token immediately. It is shown once and cannot be retrieved again.

<Warning>
  Anyone with the token has full API access to your organization. Store it as you would a password.
</Warning>

## Verify your token

`GET /auth/me` returns the org and user the token belongs to.

<CodeGroup>
  ```python Python theme={null}
  import requests

  API_BASE = "https://api.lendpathway.com/api"
  TOKEN = "pat_your_token_here"

  r = requests.get(
      f"{API_BASE}/auth/me",
      headers={"Authorization": f"Bearer {TOKEN}"}
  )

  print(r.json())
  ```

  ```bash cURL theme={null}
  curl https://api.lendpathway.com/api/auth/me \
    -H "Authorization: Bearer pat_your_token_here"
  ```
</CodeGroup>

**Response**

```json theme={null}
{
  "org_id": "c4f9dda9-7875-4115-961f-0ac4b9630526",
  "org_name": "Acme Funding",
  "user_id": "fa576914-9590-40af-bbb8-c3af6f500859",
  "user_name": "John Doe"
}
```

## Revoke a token

From **Settings → Account**, click the token and revoke it. Revoked tokens immediately return `401`.

## Token behavior

* Tokens are org-scoped. A token belongs to exactly one user in one organization.
* PAT tokens have no expiry. They are valid until revoked.
* `last_used_at` is updated on every request that uses the token.
