API Keys
Every LNbits wallet has an Admin key (full access) and an Invoice key (receive-only). Use the right key for each operation.
Every LNbits wallet has two API keys with different permission levels.
Key types
| Key | Header | Permissions |
|---|---|---|
| Admin key | X-Api-Key: <admin_key> | Full access - send, receive, read, manage |
| Invoice key | X-Api-Key: <invoice_key> | Limited - create invoices, read wallet info |
Admin key
The admin key grants full control over a wallet:
- Create invoices (receive payments)
- Pay invoices (send payments)
- Read wallet balance and transaction history
- Manage wallet settings
- Access extension APIs that modify data
curl -H "X-Api-Key: ADMIN_KEY" \
https://your-lnbits.com/api/v1/walletWARNING
Treat the admin key like a password. Anyone with this key can spend your wallet balance.
Invoice key
The invoice key has read + receive permissions only:
- Create invoices (receive payments)
- Read wallet balance and transaction history
- Access extension APIs that only read data
curl -H "X-Api-Key: INVOICE_KEY" \
https://your-lnbits.com/api/v1/walletUse the invoice key when you only need to receive payments - for example, in a point-of-sale terminal or a public payment page.
Finding your keys
Every wallet ships with its own pair of keys. Here is where to find them.
- Log in to LNbits and pick the wallet you want from the left sidebar. Each wallet has its own independent pair of keys.
- On the wallet page, click API info panel (right sided). A panel expands.
- The panel lists:
- Admin key - full access, keep secret
- Invoice/read key - receive-only, safe to share with services that only need to issue invoices or read balance
- Wallet ID - the wallet's unique identifier
- API base URL - the LNbits instance these keys belong to
- Click the eye icon next to a key to reveal it, or the copy icon to copy it to your clipboard.
Both keys are 32-character hex strings and belong to this one wallet only. Creating a new wallet generates a brand-new pair.
Keep the Admin key secret
Anyone holding the Admin key can spend your balance. Never paste it into browser-side JavaScript, public GitHub repos, or screenshots you share in chats.
Key rotation
API keys can be regenerated from the wallet settings. Regenerating a key immediately invalidates the old one.
Bearer tokens
LNbits also supports Bearer token authentication for user-level operations:
curl -H "Authorization: Bearer ACCESS_TOKEN" \
https://your-lnbits.com/api/v1/walletAccess tokens are obtained through the authentication API.