API Keys

You can manage API keys from the dashboard or programmatically via these endpoints. Each organisation can have up to 10 active keys at once.

The full raw key is returned once only — at creation. It is never stored server-side (only its SHA-256 hash is kept). Save it immediately or you will need to create a new key.

List API Keys

GET /api/v1/api-keys (auth)

List all active (non-revoked) API keys for your organisation.

json
{
  "success": true,
  "data": [
    {
      "id": "cm9key001",
      "name": "My Automation Script",
      "keyPrefix": "ll_a1b2c3d4e5",
      "lastUsedAt": "2026-05-04T10:23:00.000Z",
      "expiresAt": null,
      "createdAt": "2026-05-01T08:00:00.000Z",
      "user": {
        "firstName": "Alice",
        "lastName": "Smith",
        "email": "[email protected]"
      }
    }
  ]
}

curl
curl https://leadsapi.postorbit.io/api/v1/api-keys \
  -H "Authorization: Bearer $LOCALLEADS_API_KEY"

Create an API Key

POST /api/v1/api-keys (auth)

Generate a new API key. The full raw key is returned once in the response.

Body parameters

name*
string

A human-readable label. Max 100 characters. Defaults to "API Key" if omitted.

expiresAt
ISO 8601 date string | null

Optional expiry. Must be a future date. Omit or pass null for a non-expiring key.

json
{
  "success": true,
  "data": {
    "id": "cm9key001",
    "name": "My Automation Script",
    "keyPrefix": "ll_a1b2c3d4e5",
    "expiresAt": null,
    "createdAt": "2026-05-05T09:00:00.000Z",
    "key": "ll_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"
  }
}

Copy data.key immediately and store it in a secrets manager or environment variable. It will not appear in any subsequent response.

curl
curl -X POST https://leadsapi.postorbit.io/api/v1/api-keys \
  -H "Authorization: Bearer $LOCALLEADS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "CI Pipeline Key", "expiresAt": "2027-01-01"}'

Revoke an API Key

DELETE /api/v1/api-keys/:id (auth)

Permanently revoke an API key. Any subsequent request using this key returns 401. Cannot be undone.

Path parameters

:id*
string

The id of the key to revoke, from the list or create responses.

json
{ "success": true }

curl
curl -X DELETE https://leadsapi.postorbit.io/api/v1/api-keys/cm9key001 \
  -H "Authorization: Bearer $LOCALLEADS_API_KEY"

Implement key rotation in long-running pipelines: create a new key, update your environment, verify it works, then revoke the old one. This rotates the key with zero downtime.
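
The rotation sequence above as a script, including what to do when the new key fails verification. This is an added example, not part of the original documentation: `call`, `rotate` and the `store_secret` callback are hypothetical names, and it assumes any valid key of the organisation may revoke another.

```python
import json
import urllib.request

BASE = "https://leadsapi.postorbit.io/api/v1/api-keys"  # endpoint from this page


def call(method, url, key, body=None):
    """Send one authenticated request; urllib raises HTTPError on 401 etc."""
    req = urllib.request.Request(
        url, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {key}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def rotate(current_key, old_key_id, store_secret, name="CI Pipeline Key",
           expires_at=None, http=call):
    """Create, store, verify, then revoke. Returns the new key's id.

    store_secret(raw_key) is a hypothetical callback that writes the key to
    your secrets manager or environment; it is not part of the API.
    """
    # 1. Create the new key while the old one is still valid.
    created = http("POST", BASE, current_key,
                   {"name": name, "expiresAt": expires_at})["data"]
    new_key, new_id = created["key"], created["id"]
    # 2. Persist first: data.key is returned once only. Never log it;
    #    log created["keyPrefix"] if you need a trace.
    store_secret(new_key)
    try:
        # 3. Verify by authenticating with the NEW key and finding its id.
        listed = http("GET", BASE, new_key)["data"]
        if not any(k["id"] == new_id for k in listed):
            raise RuntimeError("new key missing from key list")
    except Exception:
        # Verification failed: restore the old secret, revoke the unused key
        # so it does not count against the 10-key limit, and leave the old
        # key active.
        store_secret(current_key)
        http("DELETE", f"{BASE}/{new_id}", current_key)
        raise
    # 4. Revoke the old key only after the new one is proven. Assumes any
    #    valid key of the organisation may revoke another.
    http("DELETE", f"{BASE}/{old_key_id}", new_key)
    return new_id
```

Pass `http=` a stub to dry-run the sequence without touching the live API.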