Logo

Authentication

LendingClub will provide users an access ID and a secret key that together will generate the authorization ‘bearer’ token. The temporary token is the user's authorization key to call the LCX PM services and is only valid for 30 minutes. To generate the bearer token, users will need to call the authentication API as follows.

URL: https://api.lendingclub.com/auth/oauth/v2/token?realm=lc

POST

Headers:

Content-Type: application/json
Authorization: LC-API2 Base64('access-id':'secret-key')

Body:
{"grant_type": 'client_credentials'}

Sample Response:
{
"access_token":"2d8ff349-cf79-4656-95a9-6014cafc5a86",
"token_type":"Bearer",
"expires_in":3600,
"scope":"oob",
"requires_mfa":false
}

Base64 in the above example means that users will need to use base64 encoded version of string ‘access-id’:’secret-key’.

For example, assume a user has the following API credentials:
access-id: A9B9AB9QIAFAKBNQG9E9
secret-key: DC9XuKWjFb0y9x9ABKkAXscvQ2zEiu6bPMGwr0Lk/3joGIMWh

The user needs to encode the string:

P9L8PJ9QIAFAKBNQG6E0:DGj2XuKWjFb0y9x7ABKkAXscvQ2zEiu7bPMGwr0Lk/3joGIMWg

in base64 format, which is:

UDlMOFBKOVFJQUZBS0JOUUc2RTA6REdqMlh1S1dqRmIweTl4N0FCS2tBWHNjdlEyekVpdTdiUE1Hd3IwTGsvM2pvR0lNV2c=

Then the authorization header in the authentication API call will be:

Authorization: LC-API2
UDlMOFBKOVFJQUZBS0JOUUc2RTA6REdqMlh1S1dqRmIweTl4N0FCS2tBWHNjdlEyekVpdTdiUE1Hd3IwTGsvM2pvR0lNV2c=

An example cURL command to invoke authentication endpoint for Sandbox Environment will be:

curl --location --request POST 'https://api-sandbox.lendingclub.com/auth/oauth/v2/token?realm=lc' \
--header 'Content-Type: application/json' \
--header 'authorization: LC-API2
UDlMOFBKOVFJQUZBS0JOUUc2RTA6REdqMlh1S1dqRmIweTl4N0FCS2tBWHNjdlEyekVpdTdiUE1Hd3IwTGsvM2pvR0lNV2c=' \
--data-raw '{"grant_type": "client_credentials"}'

The response will be:
{
"access_token": "aa367982-bef6-4f05-a156-10c1431988bc",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "oob",
"requires_mfa": false
}

For every call to the LCX PM APIs, users must include the token as part of the authorization header.

GET /api/lcx/v1/primary/listings HTTP/1.1
Host: api.lendingclub.com
cache-control: no-cache
Authorization: Bearer aa367982-bef6-4f05-a156-10c1431988bc

Unless otherwise specified, all credit and deposit products are provided by LendingClub Bank, N.A., Member FDIC, Equal Housing Lender (“LendingClub Bank”), a wholly-owned subsidiary of LendingClub Corporation, NMLS ID 167439. Credit products are subject to credit approval and may be subject to sufficient investor commitment. Credit union membership may be required. Deposit accounts are subject to approval. Deposit products are FDIC-insured up to $250,000 per depositor, per ownership category.

LendingClub,” the “LC” symbol, “TopUp,” and “DebtIQ” are trademarks of LendingClub Bank.

© 2024 LendingClub Bank. All rights reserved.