Liya Engine

API key authentication for the Liya Engine REST API, dashboard JWT flow, and key management.

API Key Authentication

All /v1/* endpoints require an API key passed in the x-api-key request header.

curl -X POST https://api.liyaengine.ai/v1/hiring/resume-analysis \
  -H "x-api-key: liya_prod_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

API keys are scoped to your tenant and carry all domain and intent permissions associated with your account.

Keys are prefixed with liya_ followed by a random 32-byte token. The full key is only shown once — at creation or rotation. The dashboard shows a masked preview (e.g. liya_F9y-...o4k) for identification.

Getting your key

Sign up at app.liyaengine.ai/dashboard
Verify your email address
Your API key is generated automatically on account creation — copy it from the API Keys page before leaving

Rotating your key

POST https://api.liyaengine.ai/dashboard/api-key/rotate
Authorization: Bearer <dashboard_jwt>

Rotating generates a new key and immediately invalidates the old one. The full key is returned once in the response — save it.

{
  "success": true,
  "data": {
    "apiKey": "liya_prod_...",
    "maskedKey": "liya_F9y-...o4k"
  },
  "message": "Save this key now — it will not be shown again."
}

Dashboard Authentication (JWT)

The dashboard web app (app.liyaengine.ai/dashboard) uses email/password login and issues a short-lived JWT for dashboard API calls.

POST https://api.liyaengine.ai/auth/signup
Content-Type: application/json
 
{
  "companyName": "Acme Corp",
  "email": "[email protected]",
  "password": "...",
  "fullName": "Jane Smith"    // optional
}

Response

{
  "success": true,
  "data": {
    "token": "<jwt>",
    "user": { "id": "...", "email": "[email protected]", "role": "owner" },
    "tenant": { "tenantId": "acme-corp", "tenantName": "Acme Corp", "plan": "starter" },
    "apiKey": "liya_prod_..."
  }
}

The apiKey is only returned at signup. Store it securely. A verification email is sent automatically — the dashboard enforces email verification before full access.

POST https://api.liyaengine.ai/auth/login
Content-Type: application/json
 
{
  "email": "[email protected]",
  "password": "..."
}

JWT usage

Pass the JWT as a Bearer token for all /dashboard/* endpoints:

Authorization: Bearer <jwt>

JWTs expire after 7 days by default. Call GET /auth/me to refresh.

Error codes

Code	HTTP	Meaning
`INVALID_API_KEY`	401	Key missing or not recognised
`API_KEY_REVOKED`	401	Key was rotated or manually revoked
`DOMAIN_NOT_ENABLED`	403	Domain not in your tenant's `enabled_domains`
`INTENT_NOT_PERMITTED`	403	Intent disabled for your tenant
`INVALID_CREDENTIALS`	401	Wrong email or password
`ACCOUNT_INACTIVE`	403	Account deactivated — contact support
`EMAIL_TAKEN`	409	Account already exists for this email

Authentication