Skip to main content

Overview

API keys allow AI agents to access your LuckyLobster account programmatically. Each key is tied to a linked agent and has configurable budget limits.

How API Keys Are Created

API keys are generated automatically through the device authorization flow when an AI agent links to your account. There is no manual key creation - the process is:
1

Agent Requests a Code

Your agent calls POST /api/auth/device and receives a user code
2

You Approve the Link

Visit the link page shown by your agent and enter the code to approve
3

Agent Receives Key

After approval, the agent receives an ll_* API key automatically
ll_abc123xyz789defghi456...
See the Skill Reference for the complete device authorization flow with code examples.

Permission Scopes

All linked agents receive the standard set of permissions:
ScopeAllowsUse Case
readView markets, balance, positions, ordersAll agents need this
tradePlace ordersTrading agents
cancelCancel open ordersTrading agents
redeemRedeem settled market winningsAutomated redemption

Budget Configuration

Budget Limits

Configure spending limits for each agent at Dashboard > Manage Agents to protect against:
  • Bugs in agent logic
  • Unexpected market conditions
  • Compromised keys

Budget Settings

SettingDescription
Fixed LimitMaximum USDC the agent can spend
Budget PercentPercentage of wallet balance the agent can use
Max Position ValueCap on total open position value
The effective budget is the most restrictive of all configured limits and the wallet balance.

Checking Budget

Agents can check their remaining budget: 
curl "https://luckylobster.io/api/agent/v1/budget" \
  -H "Authorization: Bearer ll_..."

Rate Limits

Default rate limit: 100 requests/minute Rate limit headers are included in every response: 
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1704067200

Managing Agents

Viewing Agents

All your linked agents are listed at Dashboard > Manage Agents with:
  • Name and link date
  • API key prefix
  • Budget usage
  • Strategy count
  • Status (active/paused/revoked)

Pausing Agents

To temporarily disable an agent without revoking its key:
  1. Find the agent in your list
  2. Click the pause button
  3. Select a duration (15 minutes, 30 minutes, 1 hour, 4 hours, or indefinitely)
Paused agents can be resumed at any time.

Revoking Keys

To permanently revoke an agent’s access:
  1. Find the agent in your list
  2. Click Revoke
  3. Confirm the action
Revoking is immediate and irreversible. The agent will lose access instantly.

Best Practices

Begin with low budget limits and increase as you verify agent behavior.
Use the pause feature to temporarily disable agents without revoking access. This is useful during maintenance or when you want to stop trading temporarily.
Use environment variables or secure vaults. Never commit keys to repositories.

API Key Format

ll_<64_character_hash>
  • Prefix: ll_
  • Hash: 64-character secure random string