REST API v3
⚠️ Experimental Version
This version of the API is currently in beta and may undergo changes. For production use, please consider using the current stable version (v2).
Base URL & Format
All API calls should use the base URL: https://api.localtunity.com/v3
- All responses are in JSON format
- All requests should include
Content-Type: application/jsonheader - UTF-8 encoding is required for all requests
Authentication
API v3 supports two authentication methods, optimized for different use cases:
1. OAuth 2.0 Token Authentication (Recommended for Frontend Applications)
For client-side applications, always use token-based authentication:
Request
POST /v3/auth/token
Content-Type: application/json
{
"api_key": "your_api_key",
"api_secret": "your_api_secret"
}
Response
{
"access_token": "eyJhbGciOiJS...",
"token_type": "Bearer",
"expires_in": 3600,
"issued_at": "2024-03-21T10:00:00Z"
}Use the token in subsequent requests:
Authorization: Bearer eyJhbGciOiJS...2. API Key Authentication (For Backend Services Only)
For server-to-server communication, you can use direct API credentials stored in environment variables:
Headers
X-API-Key: your_api_key
X-API-Secret: your_api_secret⚠️ Important: Never use API key/secret authentication in frontend applications or expose these credentials in client-side code.
Security Best Practices
- Store API credentials securely using environment variables
- Implement automatic token refresh before expiration
- Never expose credentials in client-side code
- Rotate API secrets periodically
- Use HTTPS for all API requests
Rate Limits
- 1000 requests per hour per API key
- 500 premium requests per day per Account