Create an API key
Open Developers in the LeadCeleris app and create a named API key. The complete key is displayed once; copy it directly into server-side secret storage.
Use separate keys for production, staging, and local development so one credential can be revoked without interrupting every environment.
Send Bearer authentication
Send Authorization: Bearer <api-key> on requests to https://app.leadceleris.com/api/v1. Current read endpoints require a key with the read scope.
A missing or invalid key returns HTTP 401. A valid key without the required scope returns HTTP 403.
Protect and rotate keys
Never put a LeadCeleris API key in client-side JavaScript, mobile application bundles, screenshots, analytics events, or source control. Proxy browser requests through your own authenticated backend.
- Store keys in a secrets manager or encrypted environment variable
- Revoke a key immediately if it may have leaked
- Use the last-used timestamp to identify stale credentials
