API Authentication

Create API tokens, authenticate requests, and select team context via headers.

The Lockwave REST API uses Bearer token authentication via Laravel Sanctum.

Creating an API Token

  1. Navigate to Profile → API Tokens
  2. Enter a descriptive token name (e.g. "CI/CD Pipeline")
  3. Select the permissions the token should have
  4. Click Create
  5. Copy the token immediately - it is only displayed once

Using the Token

Include the token in the Authorization header of every request:

curl -H "Authorization: Bearer YOUR_TOKEN" \
     -H "Accept: application/json" \
     https://lockwave.io/api/v1/ssh-keys

Team Context

API requests operate in the context of a team. By default, your current team is used. To target a different team, pass the X-Team-Id header:

curl -H "Authorization: Bearer YOUR_TOKEN" \
     -H "X-Team-Id: TEAM_UUID" \
     -H "Accept: application/json" \
     https://lockwave.io/api/v1/hosts

Token Rotation

For security, rotate API tokens periodically: delete the old token and create a new one from the profile page. Tokens do not expire automatically, so you must manage the token lifecycle manually.

Rate Limiting

The API allows 60 requests per minute per authenticated user. Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining) are included in every response.
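
The curl calls under Using the Token and Team Context put the token on the command line, where it is visible in the process list and in shell history. The wrapper below is an added example, not Lockwave's own code: it feeds the same headers to curl on stdin and reads X-RateLimit-Remaining after each call. The LOCKWAVE_TOKEN and LOCKWAVE_TEAM_ID variable names, the function names, and the 60-second wait at zero remaining are assumptions (the page documents no reset header).

```shell
# Added example: variable and function names are assumptions, not Lockwave's.
API_BASE="https://lockwave.io/api/v1"

# Succeeds only if the value cannot break out of a quoted curl config string.
safe_value() {
  case "$1" in
    ''|*[\"\\]*|*[[:cntrl:]]*) return 1 ;;
  esac
}

# Print the request headers as a curl config. Piped to `curl --config -`,
# the token stays out of argv (visible in ps) and out of shell history.
lockwave_curl_config() {
  safe_value "${LOCKWAVE_TOKEN:-}" || { echo "LOCKWAVE_TOKEN unset or unsafe" >&2; return 1; }
  printf 'header = "Authorization: Bearer %s"\n' "$LOCKWAVE_TOKEN"
  printf 'header = "Accept: application/json"\n'
  if [ -n "${LOCKWAVE_TEAM_ID:-}" ]; then
    safe_value "$LOCKWAVE_TEAM_ID" || { echo "LOCKWAVE_TEAM_ID unsafe" >&2; return 1; }
    printf 'header = "X-Team-Id: %s"\n' "$LOCKWAVE_TEAM_ID"
  fi
}

# Print one response header value (name matched case-insensitively) from a
# header dump on stdin, as written by `curl --dump-header`.
header_value() {
  awk -v want="$1" -F': *' \
    'tolower($1) == tolower(want) { sub(/\r$/, "", $2); v = $2 } END { print v }'
}

# Seconds to pause before the next call. Waiting a full minute once the
# remaining count hits 0 is an assumption; a missing header waits 1 second.
pause_seconds() {
  remaining=$(header_value X-RateLimit-Remaining)
  case "$remaining" in
    ''|*[!0-9]*) echo 1 ;;
    0) echo 60 ;;
    *) echo 0 ;;
  esac
}

# GET one API path, e.g. `lockwave_get ssh-keys`; the JSON body goes to stdout.
lockwave_get() {
  cfg=$(lockwave_curl_config) || return 1
  hdrs=$(mktemp) || return 1; rc=0
  printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - \
    --dump-header "$hdrs" "$API_BASE/$1" || rc=$?
  sleep "$(pause_seconds < "$hdrs")"
  rm -f "$hdrs"
  return "$rc"
}
```

Export the token from a secrets store or CI secret variable rather than typing it into the shell, then call `lockwave_get hosts` or `lockwave_get ssh-keys`.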