Bearer Token Authentication

All API requests require a Bearer token in the Authorization header.
Authorization: Bearer ll_your_api_key_here

Getting an API Key

API keys are generated through the device authorization flow when an AI agent links to your account:
  1. Agent calls POST /api/auth/device and receives a user code
  2. You visit the link and approve the connection
  3. Agent receives an ll_* API key automatically
See the Skill Reference for the complete device flow, or manage linked agents at Dashboard > Manage Agents.

API Key Permissions

All linked agents receive the standard set of permissions:
Permission   Access Level
read         View markets, balance, positions, orders
trade        Place orders
cancel       Cancel open orders
redeem       Redeem settled market winnings

Example Request

curl -X GET "https://luckylobster.io/api/agent/v1/balance" \
  -H "Authorization: Bearer ll_abc123..."

Authentication Errors

401 Unauthorized

{
  "success": false,
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}
Causes:
  • Missing Authorization header
  • Invalid API key format
  • Revoked or expired API key

403 Forbidden

{
  "success": false,
  "error": "Forbidden",
  "message": "Insufficient permissions for this action"
}
Causes:
  • API key lacks required permission scope
  • Budget limit exceeded

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs.
  • Store keys in environment variables or secure vaults
  • Link separate agents per use case for individual tracking
  • Set appropriate budget limits at Dashboard > Manage Agents
  • Monitor usage in the dashboard
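
Added example, not part of the LuckyLobster documentation: a small Python client that applies the practices above by reading the key from an environment variable, scrubbing ll_* keys from log output, and mapping the documented 401/403 bodies to an operator hint. The variable name LL_API_KEY, the key character set in KEY_PATTERN, and all function and class names are assumptions made for illustration.

```python
import json
import logging
import os
import re
import urllib.request

API_BASE = "https://luckylobster.io/api/agent/v1"  # base URL from the page's curl example
KEY_ENV_VAR = "LL_API_KEY"  # assumed variable name, not defined by the page
# Assumption: a key is "ll_" plus URL-safe characters; the page documents only the prefix.
KEY_PATTERN = re.compile(r"\bll_[A-Za-z0-9_\-]+")


def load_api_key(environ=os.environ):
    """Read the key from the environment instead of hard-coding it in source."""
    key = environ.get(KEY_ENV_VAR, "").strip()
    if not key.startswith("ll_") or len(key) <= 3:
        raise RuntimeError(f"{KEY_ENV_VAR} is unset or does not look like an ll_* key")
    return key


def redact(text):
    """Replace anything shaped like an ll_* key so it never reaches logs."""
    return KEY_PATTERN.sub("ll_[REDACTED]", text)


class RedactKeys(logging.Filter):
    """Logging filter that scrubs ll_* keys from each record's formatted message."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already formatted; drop the raw arguments
        return True


def build_balance_request(key):
    """GET /balance with the Bearer header, as in the page's curl example."""
    return urllib.request.Request(
        f"{API_BASE}/balance", headers={"Authorization": f"Bearer {key}"}, method="GET"
    )


def explain_auth_error(status, body):
    """Turn the documented 401/403 JSON bodies into an operator-facing hint."""
    message = json.loads(body).get("message", "")
    if status == 401:
        return f"401: {message} -> check the header, key format, or a revoked/expired key"
    if status == 403:
        return f"403: {message} -> check the key's permission scope and the budget limit"
    return f"{status}: {message}"
```

Attach the filter to each log handler with handler.addFilter(RedactKeys()) so that records from every logger routed to that handler are scrubbed.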