Skip to main content

Overview

API keys allow AI agents and applications to access your LuckyLobster account programmatically. Each key has configurable permissions, budget limits, and rate limits.

Creating an API Key

1

Navigate to API Keys

Go to Dashboard > API Keys and click Create New Key
2

Configure Settings

SettingDescriptionRecommendation
NameDescriptive identifierInclude agent name (e.g., “ClawdBot Prod”)
PermissionsAccess scopesStart with read + trade
Budget LimitMax spendingStart low ($50-100)
Budget PeriodReset frequencymonthly for most use cases
Rate LimitRequests/minute100 default is usually sufficient
ExpirationAuto-disable dateOptional, good for temporary access
3

Copy Your Key

Copy immediately - the full key is only shown once!
ll_live_abc123xyz789defghi456...

Permission Scopes

ScopeAllowsUse Case
readView markets, balance, positions, ordersAll agents need this
tradePlace and cancel ordersTrading agents
redeemRedeem settled market winningsAutomated redemption
Follow the principle of least privilege. Only grant permissions your agent actually needs.

Budget Configuration

Budget Limits

Set maximum spending per API key to protect against:
  • Bugs in agent logic
  • Unexpected market conditions
  • Compromised keys

Budget Periods

PeriodBest For
dailyHigh-frequency trading with tight daily limits
weeklyBalanced control and flexibility
monthlyStandard agents with predictable spending
neverFixed total budget that doesn’t reset

Checking Budget

Agents can check their remaining budget: 
curl "https://luckylobster.io/api/agent/v1/budget" \
  -H "Authorization: Bearer ll_live_..."

Rate Limits

Default rate limit: 100 requests/minute Configure based on your agent’s needs:
  • Simple agents: 60-100 req/min
  • Active traders: 100-200 req/min
  • High-frequency: Contact us for custom limits
Rate limit headers are included in every response: 
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1704067200

Managing Keys

Viewing Keys

All your API keys are listed at Dashboard > API Keys with:
  • Name and creation date
  • Permission summary
  • Budget usage
  • Request count
  • Status (active/expired/revoked)

Revoking Keys

To revoke a key:
  1. Find the key in your list
  2. Click Revoke
  3. Confirm the action
Revoking is immediate and irreversible. Any agents using that key will lose access instantly.

Rotating Keys

Best practice: rotate keys periodically.
  1. Create a new key with same permissions
  2. Update your agent configuration
  3. Verify the agent works with new key
  4. Revoke the old key

Best Practices

Create dedicated keys for each agent or use case. This allows:
  • Individual budget tracking
  • Selective revocation
  • Clear audit trails
Begin with low budget limits ($50-100) and increase as you verify agent behavior.
For testing or temporary agents, set an expiration date so keys auto-disable.
Use environment variables or secure vaults. Never commit keys to repositories.

API Key Format

ll_live_<64_character_hash>
  • Prefix: ll_live_ (production) or ll_test_ (sandbox/future)
  • Hash: 64-character secure random string
  • Total: ~72 characters