Skip to main content
The Leadey API authenticates with API keys. Each key belongs to one organization, and every request you make with it acts as that organization — there’s no separate user context.

API keys

Keys are created in the Cockpit under Settings → API Keys. A key looks like this:
leadey_sk_live_Xy3f…a1b2
  • The full key is shown once, at creation. Leadey stores only a hash, so a lost key can’t be recovered — create a new one instead.
  • The dashboard lists each key by a masked label (leadey_sk_live_••••a1b2), its creation date, and when it was last used.
  • A key stays valid until you revoke it. Revocation takes effect immediately.

Sending your key

Send the key as a Bearer token in the Authorization header on every request.
curl https://backend.leadey.ai/v1/me \
  -H "Authorization: Bearer $LEADEY_API_KEY"
A request with a missing, malformed, or revoked key returns 401:
{ "error": { "message": "Invalid or revoked API key.", "details": null } }

Keeping keys safe

An API key carries the access of your whole workspace. Treat it like a password.
  • Store keys in environment variables or a secrets manager — never in source control or client-side code.
  • Use a separate key per integration so you can revoke one without disrupting the others.
  • Rotate keys periodically: create the new one, deploy it, then revoke the old one.
  • Revoke immediately if a key may have leaked.

Base URL

All endpoints are served under the versioned base URL:
https://backend.leadey.ai/v1