Skip to main content

API Key Authentication

LexQ uses API keys to authenticate all API requests. Include your key in the x-api-key header: 
curl -X POST https://api.lexq.io/api/v1/execution/groups/{groupId} \
  -H "x-api-key: sk_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"facts": {"payment_amount": 100000}}'

Obtaining an API Key

  1. Log in to the LexQ Console
  2. Navigate to Management → API Keys
  3. Click Create API Key
  4. Copy the key immediately — it will not be shown again
API keys follow the format sk_live_ followed by a Base64 string (e.g., sk_live_a1b2c3d4e5f6...).

Key Management

ActionDescription
CreateGenerate a new key with an optional description
RevokePermanently disable a key (immediate effect)
RegenerateRevoke the old key and issue a new one in a single step
Revoked keys cannot be reactivated. If a key is compromised, revoke it immediately and create a new one.

Security Best Practices

  • Never expose API keys in client-side code, public repositories, or browser requests
  • Use environment variables or secret managers to store keys
  • Rotate keys periodically
  • Use separate keys for development and production environments
  • Each key is scoped to a single tenant — there is no cross-tenant access

Scope

A single API key grants access to both the Management API (/api/v1/partners) and the Execution API (/api/v1/execution) for the same tenant.

Rate Limits

API requests are throttled based on your plan’s TPS (transactions per second) limit:
PlanMax TPS
Free5
Growth50
Pro200
Exceeding the limit returns HTTP 429 Too Many Requests.