Multi Tenancy

Understand how API Keys are scoped per tenant environment.

To ensure strict data isolation and regulatory safety, Links is built as a multi-tenant platform and enforces environment-scoped authentication.

This page explains how API Keys work across tenants and environments, and how to use them correctly in your applications.

Tenant-scoped API Keys

Every API Key in Links is issued for exactly one tenant.

A tenant represents your logical workspace inside the Links platform (for example, separate customer tenants, as well as sandbox vs. production).

This means:

  • An API Key can only access data that belongs to its assigned tenant
  • The same user can hold multiple API Keys for different tenants
  • An API Key cannot be used to access another tenant’s data

This design guarantees strict isolation between customers and organizations.

Environment-scoped API Keys (Sandbox vs Production)

In addition to tenant isolation, API Keys are also environment-specific.

Links provides separate environments:

  • Sandbox – for development, testing, and integration
  • Production – for live financial and operational data

For each tenant:

  • You will have a Sandbox API Key
  • You will have a Production API Key

These keys are completely separate and cannot be reused across environments.

Key rules at a glance

  • ✅ One API Key = one tenant environment
  • ✅ Sandbox keys only work with Sandbox endpoints
  • ✅ Production keys only work with Production endpoints
  • ❌ Sandbox keys cannot access Production data
  • ❌ Production keys cannot access Sandbox data

Links sits directly in the financial and accounting data path (sub-ledgers, journals, and general ledger integrations).
Separating tenants and environments at the API-key level ensures:

  • Strong customer and organization isolation
  • No accidental cross-tenant access
  • No accidental writes to Production from test systems
  • Clear audit and compliance boundaries

How to choose the correct API Key

When configuring your application, always select the API Key that matches:

  1. The tenant you intend to access
  2. The environment you are targeting

Typical setup:

  • Use the Sandbox API Key for:
    • local development
    • staging environments
    • integration testing
  • Use the Production API Key only for:
    • live systems
    • real financial data processing
    • production workflows

Example: using different keys per environment

import { LinksSDK } from '@links/sdk';

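// Select the key for the target environment. Any LINKS_ENV value other than
// 'production' falls through to the Sandbox key.
const client = new LinksSDK({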
  apiKey:
    process.env.LINKS_ENV === 'production'
      ? process.env.LINKS_PROD_API_KEY
      : process.env.LINKS_SANDBOX_API_KEY,
});
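
A stricter variant of the selection above, as an added example that is not part of the Links SDK or its documentation: it resolves the key for one tenant and one environment, and refuses to continue on an unknown environment, a missing key, or the same key value configured in two slots. The `LINKS_<TENANT>_<ENVIRONMENT>_API_KEY` variable naming, the function names and the sample values are assumptions made for this example.

```javascript
// Added example: fail-closed API key selection per tenant and environment.
// Assumption: keys are stored as LINKS_<TENANT>_<ENVIRONMENT>_API_KEY
// (a convention invented for this example, not defined by Links).
const ENVIRONMENTS = ['sandbox', 'production'];
const KEY_VAR = /^LINKS_[A-Z0-9_]+_API_KEY$/;

function keyVarName(tenant, environment) {
  return `LINKS_${tenant.toUpperCase()}_${environment.toUpperCase()}_API_KEY`;
}

function resolveApiKey(tenant, environment, env = process.env) {
  if (typeof tenant !== 'string' || !/^[A-Za-z0-9_]+$/.test(tenant)) {
    throw new Error('tenant must be a non-empty [A-Za-z0-9_] identifier');
  }
  // No default environment: a typo such as "prod" stops startup instead of
  // silently selecting a key for the other environment.
  if (!ENVIRONMENTS.includes(environment)) {
    throw new Error(`environment must be one of: ${ENVIRONMENTS.join(', ')}`);
  }
  const name = keyVarName(tenant, environment);
  const key = env[name];
  if (typeof key !== 'string' || key.trim() === '') {
    throw new Error(`${name} is not set`);
  }
  // One API Key = one tenant environment, so the same value in a second slot
  // is a copy-paste error. Report variable names only, never the key itself.
  for (const [other, value] of Object.entries(env)) {
    if (other !== name && KEY_VAR.test(other) && value === key) {
      throw new Error(`${name} and ${other} hold the same key`);
    }
  }
  return key;
}

// Constructed sample configuration; the values are placeholders, not real keys.
const sampleEnv = {
  LINKS_ACME_SANDBOX_API_KEY: 'placeholder-acme-sandbox',
  LINKS_ACME_PRODUCTION_API_KEY: 'placeholder-acme-production',
};
console.log(
  resolveApiKey('acme', 'sandbox', sampleEnv) === sampleEnv.LINKS_ACME_SANDBOX_API_KEY
);
```

Run the check once at startup and pass the returned key to the SDK constructor, so a misconfigured deployment fails before it sends any request.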
