Authentication
Authentication
Section titled “Authentication”All LMIF API requests require authentication using an API key.
API Keys
Section titled “API Keys”LMIF uses bearer token authentication. Include your API key in the Authorization header:
Authorization: Bearer lmif_live_xxxKey Types
Section titled “Key Types”| Key Prefix | Environment | Purpose |
|---|---|---|
lmif_test_ | Sandbox | Development and testing |
lmif_live_ | Production | Live integrations |
Getting API Keys
Section titled “Getting API Keys”- Sign up at lookmaimfamous.com/developers
- Complete platform verification
- Receive your sandbox key immediately
- Apply for production access when ready
Production Access Requirements
Section titled “Production Access Requirements”To receive production API keys, your platform must:
- Demonstrate a working sandbox integration
- Agree to the LMIF Platform Agreement
- Implement required webhook handlers
- Pass a basic compliance review
Using the SDK
Section titled “Using the SDK”The TypeScript SDK handles authentication automatically:
import { LMIFClient } from '@lookmaimfamous/lmif';
const lmif = new LMIFClient({ apiKey: process.env.LMIF_API_KEY,});
// All requests are automatically authenticatedconst result = await lmif.identity.check({ name, imageUrl });Direct API Calls
Section titled “Direct API Calls”For direct HTTP requests, include the header:
curl -X POST https://api.lookmaimfamous.com/v1/lmif/identity/check \ -H "Authorization: Bearer lmif_live_xxx" \ -H "Content-Type: application/json" \ -d '{"name": "John Doe", "imageUrl": "https://example.com/image.jpg"}'Key Security Best Practices
Section titled “Key Security Best Practices”- Store keys securely - Use environment variables or a secrets manager
- Never commit keys - Add
.envto your.gitignore - Rotate regularly - Rotate keys every 90 days
- Use least privilege - Create separate keys for different environments
- Monitor usage - Check the dashboard for unusual activity
Key Management
Section titled “Key Management”Rotating Keys
Section titled “Rotating Keys”You can rotate API keys from your dashboard:
- Go to Settings → API Keys
- Click Rotate next to the key
- You’ll have 24 hours to update your integration
- The old key will be invalidated after 24 hours
Revoking Keys
Section titled “Revoking Keys”If a key is compromised:
- Go to Settings → API Keys
- Click Revoke next to the key
- The key is immediately invalidated
- Generate a new key
Rate Limiting
Section titled “Rate Limiting”API keys are subject to rate limits:
| Plan | Requests/minute | Requests/day |
|---|---|---|
| Sandbox | 60 | 1,000 |
| Basic | 300 | 50,000 |
| Standard | 1,000 | 500,000 |
| Enterprise | Custom | Custom |
See Rate Limits for details.
Error Responses
Section titled “Error Responses”Authentication errors return 401 Unauthorized:
{ "error": { "code": "UNAUTHORIZED", "message": "Invalid API key", "details": "The provided API key is invalid or has been revoked" }}Common authentication errors:
| Code | Description |
|---|---|
UNAUTHORIZED | Invalid or missing API key |
KEY_REVOKED | The API key has been revoked |
KEY_EXPIRED | The API key has expired (post-rotation) |
WRONG_ENVIRONMENT | Using sandbox key in production or vice versa |