
Authentication

All Laghav API calls (except /v1/playground and /health) require an API key sent as a Bearer token.

API Key Types

| Key prefix | Type | Limits | Billable |
|---|---|---|---|
| lgh_live_xxx | Production | Per-plan monthly quota | Yes |
| lgh_test_xxx | Test / development | 100 calls/day | No |

Test keys behave identically to live keys but are free and rate-limited. Use them in CI, dev, and staging. Keys are validated via HMAC-SHA256 hash lookup — invalid keys return 401 immediately with no database query.

Sending the Authorization header

bash
# Standard Bearer token header
curl https://api.laghav.ai/v1/complete \
  -H "Authorization: Bearer lgh_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"messages": [...], "model": "auto"}'

In the SDKs

auth.py
# Option 1: Pass directly
from laghav import LaghavClient
client = LaghavClient(api_key="lgh_live_xxxxxxxxxxxx")

# Option 2: From environment variable (recommended)
import os
client = LaghavClient(api_key=os.environ["LAGHAV_API_KEY"])

# Option 3: Auto-read from LAGHAV_API_KEY env var
client = LaghavClient()  # reads LAGHAV_API_KEY automatically

Creating and managing keys

Generate keys from your dashboard under Settings → API Keys. You can also create keys via the API:

bash
# Create a new key
curl -X POST https://api.laghav.ai/api/keys \
  -H "Authorization: Bearer lgh_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production App", "app_id": "app_abc123"}'

# List all keys
curl https://api.laghav.ai/api/keys \
  -H "Authorization: Bearer lgh_live_xxx"

# Revoke a key
curl -X DELETE https://api.laghav.ai/api/keys/key_xyz789 \
  -H "Authorization: Bearer lgh_live_xxx"

Store keys securely
API keys are shown once at creation time. Store them in environment variables or a secrets manager (e.g. AWS Secrets Manager, Doppler, Infisical). Never commit keys to source control.

Authentication errors

| HTTP | Code | Cause |
|---|---|---|
| 401 | UNAUTHORIZED | Missing Authorization header |
| 401 | INVALID_KEY | Key not found or hash mismatch |
| 401 | KEY_REVOKED | Key was manually revoked |
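
Added example, not Laghav's own code: a sketch of how a service can validate Bearer keys by HMAC-SHA256 hash lookup, as described under API Key Types, and map the outcomes to the three 401 codes in the table above. The pepper, the in-memory index, the sample keys, the key ids, the `200`/`OK` success tuple and the handling of a non-Bearer scheme are all assumptions made for the example.

```python
import hashlib
import hmac

# Assumption: a server-side secret ("pepper") keys the HMAC. Constructed value.
SERVER_PEPPER = b"constructed-demo-pepper"
KEY_PREFIXES = ("lgh_live_", "lgh_test_")


def key_digest(api_key: str) -> str:
    """HMAC-SHA256 of the key; the only form of the key this sketch stores."""
    return hmac.new(SERVER_PEPPER, api_key.encode(), hashlib.sha256).hexdigest()


# Constructed in-memory index: digest -> key record. No plaintext keys are kept,
# so a dump of this index does not yield usable keys.
KEY_INDEX = {
    key_digest("lgh_live_constructedA1"): {"id": "key_demo1", "revoked": False},
    key_digest("lgh_test_constructedB2"): {"id": "key_demo2", "revoked": True},
}


def authenticate(headers: dict) -> tuple:
    """Return (http_status, code, key_id) for a request's headers.

    Simplification: header names are matched case-sensitively here.
    """
    value = headers.get("Authorization", "")
    scheme, _, token = value.partition(" ")
    token = token.strip()
    # Assumption: a non-Bearer or empty credential is treated like a missing header.
    if scheme.lower() != "bearer" or not token:
        return 401, "UNAUTHORIZED", None
    # Cheap format check first: malformed keys are rejected before any lookup.
    if not token.startswith(KEY_PREFIXES):
        return 401, "INVALID_KEY", None
    # Lookup is by keyed digest, which a caller cannot compute without the pepper.
    record = KEY_INDEX.get(key_digest(token))
    if record is None:
        return 401, "INVALID_KEY", None
    if record["revoked"]:
        return 401, "KEY_REVOKED", None
    return 200, "OK", record["id"]
```
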