API Keys
API Keys are Bearer tokens that grant programmatic access to the LeadHub REST API. Use them to build custom integrations, sync data with other systems, or automate tasks via code.
Creating an API Keyโ
- Go to Integrations โ API Keys.
- Click New API Key.
- Fill in:
| Field | Description |
|---|---|
| Name | Descriptive name (e.g. "My App Integration", "Zapier") |
| Permissions | Which actions this key can perform (read-only, read-write) |
| Expires At | Optional expiry date; leave blank for no expiry |
- Click Save.
- Copy the token immediately โ it is only shown once. If you lose it, you must regenerate it.
Using an API Keyโ
Include the key as a Bearer token in every API request:
GET /api/leads HTTP/1.1
Host: yourdomain.com
Authorization: Bearer YOUR_API_KEY_HERE
Content-Type: application/json
API Endpointsโ
| Method | Endpoint | Description |
|---|---|---|
GET | /api/leads | List all leads (paginated) |
GET | /api/leads/{id} | Get a single lead |
POST | /api/leads | Create a new lead |
PUT | /api/leads/{id} | Update a lead |
DELETE | /api/leads/{id} | Delete a lead |
GET | /api/pipelines | List pipelines |
GET | /api/tags | List tags |
POST | /api/leads/{id}/tags | Add tags to a lead |
Full API reference is available in the LeadHub Swagger docs at /api/documentation on your installation.
Revoking a Keyโ
To revoke an API key:
- Go to Integrations โ API Keys.
- Click the delete icon on the key row and confirm.
The key is immediately invalidated. Any requests using it will receive a 401 Unauthorized response.
Security Best Practicesโ
- Never commit API keys to version control (GitHub, Bitbucket, etc.)
- Use read-only keys when you only need to read data
- Set expiry dates on keys used for temporary integrations
- Revoke keys immediately if they may have been exposed
- Use one key per integration so you can revoke specific ones independently