Getting started

Authentication

Every authenticated endpoint takes a bearer API key. Keys are created from the dashboard and can be restricted to individual scopes (leads:read, email:validate, etc).

Get a key

During the developer preview, keys are issued by invite. Drop your email at /signup — if you already have an invite key, paste it there. Once signed in, manage your keys in the main dashboard.

Header format

Authorization: Bearer ll_sk_XXXXXXXXXXXXXXXXXXXXXXXX

Keys start with ll_sk_ (secret key) or ll_pk_ (publishable, coming soon). Never commit a secret key — put it in an env var and reference it at runtime.

Scopes

leads:read

Search and list leads

leads:unlock

Reveal contact details for a lead

leads:enrich

Run enrichment on a lead or company

leads:export

Export search results to CSV/JSON

email:validate

Single and bulk email validation

webhooks:*

Manage webhook endpoints

account:read

Read usage and plan info

Testing without a key

Hit the Playground — anonymous callers get 20 requests/day/IP against a capped subset of endpoints. No signup, no key, no cookie.

Security note: keys are hashed at rest; we never show a key a second time after creation. If you lose a key, rotate it — you don't need to reach out to anyone.