Listdom API Settings

Overview

To configure API tokens, go to Listdom → Settings → API. This screen lets you generate and manage API tokens used to authenticate external applications with your Listdom-powered website.

These tokens are required when connecting:

• Mobile applications
• Third-party integrations
• Custom frontend applications
• Automation tools
• External services that consume Listdom data

Each token acts as a secure access key for your REST API endpoints.

Nota

API functionality is available in Listdom Pro. Make sure the Pro plugin is installed and activated before using API endpoints.

Precaución

Do not delete an API token if it is currently used by an external application. Removing a token immediately invalidates it and can break the related integration.

Interface overview

API Base URL

At the top of the page, Listdom shows your WordPress REST base URL.

Example:

https://your-site.com/wp-json/

Use this URL as the base when building API requests. Listdom endpoints are appended to this base URL.

API Tokens section

This is the main area where you create and manage authentication tokens.

Each token includes:

• Token Name
  • A descriptive internal label (for example: Default API, Mobile App, CRM Integration).
• Token Key
  • A securely generated key used to authenticate API requests.
• Delete icon
  • Removes the token after confirmation (click twice to remove the token).

Add Token

Use Add Token to create a new token row.

After adding a token:

1. Enter a descriptive name.
2. Save the changes.
3. Copy the generated Token Key and use it in your external application.

Save The Changes

You must click Save The Changes to:

• Generate new tokens
• Apply token name edits
• Confirm token removals

Changes are not applied until they are saved.

How authentication works

When sending requests to Listdom REST endpoints:

1. Include your API Token Key in the request header.
2. Listdom validates the token.
3. If the token is missing or invalid, access is denied.

Detailed authentication examples are available in Developers REST documentation.

Best practices

• Use separate tokens for different applications.
• Avoid sharing one token across multiple services.
• Rotate tokens periodically.
• Store tokens securely and never expose them in public frontend code.
• Use environment variables in custom integrations.

Security recommendation

If a token is compromised:

1. Delete it immediately.
2. Generate a new token.
3. Update each affected integration with the new key.

Consejo

Full developer documentation is available in the Developers documentation.