The MoonBack API allows you to quickly integrate, with complete autonomy, all the data and events that occur in your account with your platforms and applications.

MoonBack API Rest
Version: v.2.241 (20220702)

Remember to pass your API key in the query string as follows:{method}?{params}&api_token=********

Alternatively, you can add an authorization header to the request with your API key as token as follows:

Authorization: Bearer {token}

Api Tokens Generation

In your user panel, in the integrations section, you will find a page to generate API Tokens.

JWT Generation

Alternatively, you can use JWT to authenticate your requests. The JWT must contain the following:

  • An issuer matching your API Key
  • An issue time with the current UTC timestamp
  • A signature by your Private RSA Key
  • Only RS512 is supported at this time

The JWT must be signed using your private RSA key.

The following code snippet can be used to generate the JWT

* We recomend the use of Python 3.

- Install python dependency required to run this script by:
    pip install python-jose

The .pem file used in this script is the Private Key generated during the setup.

The value of \'iss\' is the API Key that was provided by Lirium during setup.

from jose import jwt
from datetime import datetime

def create_jwt():
    with open("your_private_key.pem", "r") as f:
        private_key =

    payload = {
        "iss": "your_api_key",
        "iat": int(datetime.utcnow().replace(tzinfo=datetime.timezone.utc).timestamp())
    return jwt.encode(payload, private_key, algorithm="RS512")

Here is an example with considering the API Key = 9de362f4d69d484c9a1af12d610f1caa

The JWT output is


This JWT must be sent on every request as the Bearer Token authorization HTTP header with the following form:

Authorization: Bearer <JWT here>

Rate Limits

API requests are limited to 5000/hour. If an operation has stricter limits it will be specified on the documentation of that endpoint.

If you reach the limit you'll be temporarily blocked and receive a response with:

HTTP status 429

Retry-After HTTP header indicating the seconds to wait until next request.
Rate limits are subject to change in the future so it's important to handle reaching these limits in your integration:

  • plan ahead your integration behavior based on the specified rate limit.
  • if limit is reached, pause and retry based on the Retry-After header.
  • avoid unnecessary polling, eg. remember scorecards are updated on a daily basis.


API Activation

Remember to ask your representative to connect the API and activate the methods you need to use.


MoonBack's API is versioned.

Our version numbers are computed using a two part versioning scheme: {major version}.{minor version}. The major number is directly set in the url : For instance, our first version is available at:

This versioning strategy will enable you to keep track of the smaller updates that happen on Pennylane side (we'll usually only change the minor version), as well as the more significant ones (we'll change the major version number). A major version change will most likely mean an update of the API version on your side.


API Depreciation Strategy

When we decide to deprecate a specific version, we will notify you by email at least one month in advance.

All of our API responses include the header Api-Version-Expires-At. If you are on the latest available version, this header should be empty. If you are on an older version, this header will have an expiration date. As soon as the expiration date is reached, the version will no longer be supported.