Managing API credentials in LianaAccount

  • Updated

API authentication for Liana products provides a secure way to authenticate with our interfaces. All Liana products use a unified authentication method, which simplifies building and maintaining integrations.

API credentials are managed in LianaAccount under the application settings.

API credentials view

Log in to LianaAccount and open the application whose API credentials you want to manage. In the application details, you will see the API credentials tab.

API credential tab view

This tab displays all credentials created for the application along with their details:

  • Credential name
  • Client ID
  • Expiration date
  • Last active (Last used)

Creating a new credential

  1. Open the application's API credentials tab.
  2. Select Create credential.
  3. Give the credential a descriptive name (e.g., "CRM Integration").
  4. Set an expiration date if desired.
  5. Save the credential by selecting Create.
Creating API credential

After creation, the secret key will be displayed. Save the secret key in a secure location immediately — it cannot be viewed again later.

Rotating an API secret key (rotation)

If you suspect that a credential's secret key has been leaked, or if you want to replace it as a security precaution:

Rotating API credential
  1. Open the application's API credentials tab.
  2. Locate the desired credential, click the Options button on the right, and select Rotate.
  3. Rotation generates a new secret key. The new secret key is displayed only once — save it to a secure location immediately.
  4. Update the new secret key in your integration.

Note: The old secret key will stop working immediately.

Deleting an API credential

  1. Open the application's API credentials tab.

  2. Click options button on the right next to the credential you want to remove and select Delete.

  3. Confirm the deletion by selecting "I agree to delete this credential".

  4. Select Delete credential.

Deleting API credential

This action is irreversible. After deletion, the credential can no longer be used to authenticate with the API.

Using the API with OAuth 2.0 credentials

The new authentication method utilizes the OAuth 2.0 Client Credentials flow. The process consists of two steps:

1. Fetch an access token

Send a POST request to the token endpoint:

POST http://tokens.lianacloud.com/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=SINUN_CLIENT_ID&client_secret=SINUN_CLIENT_SECRET

Response:

{
  "access_token": "eyJhbGciOiJS...",
  "token_type": "Bearer",
  "expires_in": 900,
  "scope": "api"
}

The token is valid for 15 minutes (900 seconds).

2. Use the token in API calls

Add the received access token to the Authorization header of every API call:

GET https://rest.lianamailer.com/v1/lists
Authorization: Bearer eyJhbGciOiJS...

Credential renewal

Credentials are valid for 15 minutes. To ensure uninterrupted API calls, fetch a new credential before the old one expires. Do not wait for a 401 unauthorized error; request a new credential proactively.

Important Considerations

  • LianaMonitor: API usage requires a separate API license. Please contact sales if the interface is not yet enabled for your account.

  • Secret key visibility: The secret key is shown only once during creation or rotation. If you lose it, you must rotate the credential again to generate a new one.

  • Multiple credentials: You can create multiple credentials for the same application to accommodate different integrations.

  • Legacy methods: Legacy authentication methods will continue to work during a transition period, but we highly recommend migrating to the new OAuth 2.0 method as soon as possible.

 

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.