Skip to main content

Bearer Token Authentication

All API requests require a Bearer token in the Authorization header. 
Authorization: Bearer ll_live_your_api_key_here

Getting an API Key

  1. Sign in to LuckyLobster Dashboard
  2. Navigate to API Keys
  3. Click Create New API Key
  4. Copy the key immediately (shown only once)

API Key Permissions

When creating an API key, you can configure permissions:
PermissionAccess Level
readView markets, balance, positions, orders
tradePlace and cancel orders
redeemRedeem settled market winnings
Most agents need both read and trade permissions.

Example Request

curl -X GET "https://luckylobster.io/api/agent/v1/balance" \
  -H "Authorization: Bearer ll_live_abc123..."

Authentication Errors

401 Unauthorized

{
  "success": false,
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}
Causes:
  • Missing Authorization header
  • Invalid API key format
  • Revoked or expired API key

403 Forbidden

{
  "success": false,
  "error": "Forbidden",
  "message": "Insufficient permissions for this action"
}
Causes:
  • API key lacks required permission scope
  • Budget limit exceeded

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs.
  • Store keys in environment variables or secure vaults
  • Use separate keys for different environments (dev/prod)
  • Set appropriate budget limits
  • Rotate keys periodically
  • Monitor usage in the dashboard