Skip to main content

Authorization

Follow this guide to create a new Lago credential that will allow Nexla to authenticate to and exchange data with your Lago account.
lago_api_auth.png

Lago

Prerequisites

Lago uses API key authentication. All API requests must include a Bearer token in the Authorization header. Your API key is scoped with granular permissions that you configure in the Lago dashboard.

Lago Account and API Key Setup

To connect Nexla to Lago, you need a Lago account (either self-hosted or Lago Cloud) and an API key.

For Lago Cloud:

  1. Sign in to your Lago Cloud account at app.getlago.com.

  2. Navigate to Developers in the left sidebar, then select API keys.

  3. Click the Add a key button to create a new API key.

  4. Optionally, provide a descriptive name for the key (for example, "Nexla Integration") to identify its purpose later.

  5. Configure the permissions for this API key. Lago supports granular per-object permissions:

    • Set each resource (customers, subscriptions, invoices, events, billable metrics, plans, etc.) to Read, Write, or Read & Write as needed for your integration.

    • For a data source integration (reading data into Nexla), granting Read access to the relevant resources is sufficient.

    • For a destination integration (writing data from Nexla to Lago), grant Write or Read & Write access to the resources you intend to update.

  6. Click Save (or Create) to generate the API key.

Important

Copy and securely store your API key immediately after creation. For security reasons, the full key value is only displayed once. If you lose access to it, you will need to rotate or delete the key and create a new one.

For Lago Self-Hosted:

  1. Log in to your self-hosted Lago instance.

  2. Navigate to Developers > API keys in the dashboard.

  3. Click Add a key, optionally name it, configure permissions, and click Save.

  4. Copy the generated API key and store it securely.

To rotate an existing API key, navigate to Developers > API keys and click the Rotate API key button. The previous key is immediately deactivated when a new key is generated. For additional details on API key management, see the Lago API Keys documentation.

Base URL

The API base URL depends on your deployment:

  • US Cluster (Lago Cloud): https://api.getlago.com/api/v1
  • EU Cluster (Lago Cloud): https://api.eu.getlago.com/api/v1
  • Self-Hosted: Your own instance URL, typically https://<your-domain>/api/v1

You will need this base URL when configuring data source and destination endpoints in Nexla.

Create a Lago Credential

  • To create a new Lago credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

API Key

  1. Enter your Lago API key in the API Key field. This key authenticates all requests Nexla makes to the Lago API and should be kept secure. Nexla will include it as a Bearer token in the Authorization header of every API call.

    Your Lago API key is a sensitive credential. Do not share it publicly or include it in source code. Use Nexla's credential management to keep it secure.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.