LeadCeleris
LeadCeleris developer platform

API authentication and key safety

Create a LeadCeleris API key, send Bearer authentication, and rotate credentials safely.

Reading time

5 min

Sections

3 implementation topics
01

Create an API key

Open Developers in the LeadCeleris app and create a named API key. The complete key is displayed once; copy it directly into server-side secret storage.

Use separate keys for production, staging, and local development so one credential can be revoked without interrupting every environment.

02

Send Bearer authentication

Send Authorization: Bearer <api-key> on requests to https://app.leadceleris.com/api/v1. Current read endpoints require a key with the read scope.

A missing or invalid key returns HTTP 401. A valid key without the required scope returns HTTP 403.

03

Protect and rotate keys

Never put a LeadCeleris API key in client-side JavaScript, mobile application bundles, screenshots, analytics events, or source control. Proxy browser requests through your own authenticated backend.

  • Store keys in a secrets manager or encrypted environment variable
  • Revoke a key immediately if it may have leaked
  • Use the last-used timestamp to identify stale credentials