API Authentication
Every request to the ListHouze API must be authenticated. ListHouze supports two authentication methods: API keys for server-to-server integrations and OAuth 2.0 for applications that act on behalf of individual users. Choosing the right method depends on your use case and security requirements.
API Key Authentication
Generate an API key from the Developer Settings page in your ListHouze account. Include the key in the Authorization header as a Bearer token with every request. API keys are scoped to your account and carry the same permissions as your user role. Keep your keys secret — never expose them in client-side code or public repositories.
OAuth 2.0 Flow
For applications that need to access data on behalf of other ListHouze users, use the OAuth 2.0 authorization code flow. Register your application to receive a client ID and secret, redirect users to the ListHouze authorization page, and exchange the returned code for an access token. Access tokens expire after one hour and can be refreshed using the refresh token endpoint.
Managing Keys and Tokens
You can view, rotate, and revoke API keys and OAuth credentials from the Developer Settings page. Rotating a key generates a new one and invalidates the old key immediately. We recommend rotating keys on a regular schedule and revoking any credentials that are no longer in use to maintain security.
Info