Authentication is handled through the use of an API key, which can be managed in your
Lucca account settings.Each key is given a role, that dictates the depth and breadth of its access rights.Once you have an API key, you must reference it on all requests against the Legacy APIs
through the Authorization HTTP header in the following manner:
Copy
Ask AI
Authorization = lucca application={API_KEY}
Make sure to keep API keys secure. Delete it at once if you suspect it’s been
compromised and create a new one. You can also periodically change the API key.
Please not that if authentication was unsuccessful (most likely due to
an invalid API key), then the server will return a 401 Unauthorized HTTP
status code.
It is considered good practice to create a new API key for each integration
project. It gives you the opportunity to finely tune access scopes, and limits
security risks in case of a key value leak. In other words, try to attach the minimum
required access scope to any key. There is a guide about setting up access scopes.
Make sure to set the “technical contact” on all keys (email of someone tech-savy
among yourselves). This will be our primary contact point in case of technical problems
or API changes.
Copy
Ask AI
GET /api/v3/users HTTPS/2Host: example.ilucca.netAuthorization: lucca application={API_KEY}Accept: application/json
Our Cross-origin Ressource Sharing policy doesn’t allow API call from web browser using
a different domains than ilucca.net or ilucca-test.net.If you need to automate processes using a Lucca API Key, you should do it:
throught a script
from an API Platform (e.g. Postman or Azure API Management)