Skip to main content

Base URL

The Legitmark API is built on REST principles. We enforce HTTPS in every request to improve data security, integrity, and privacy. The API does not support HTTP. All requests contain the following base URL: 
https://api.Legitmark.com

Authentication

Platform Authentication

To authenticate your application, add an Authorization header with your API Key: 
Authorization: Bearer leo_xxxxxxxxx

Actor Authentication

For partner integrations, actor authentication is required to identify individual users within your platform: 
const headers = {
  'x-api-key': 'leo_xxxxxxxxx',                // Platform authentication
  'x-user-token': 'lm_usr_a1b2c3d4e5f6',      // Actor authentication
  'Content-Type': 'application/json'
};
Partner integrations require user registration and token management. User tokens are obtained through federation - a secure process that maps your platform’s users to Legitmark without sharing PII. See the complete Authentication Setup guide for partner registration, user federation, token management, and security requirements.

Response Format

Success Response

All successful API responses follow this structure: 
{
  "success": true,
  "message": "Operation completed successfully",
  "data": {
    // Response data in snake_case format
  },
  "metadata": {
    // Pagination metadata (for list endpoints)
    "total_count": 100,
    "page_number": 1,
    "total_pages": 10,
    "page_size": 10
  }
}

Pagination

List endpoints support pagination using query parameters:
  • page_number: Page number (default: 1, minimum: 1)
  • page_size: Number of items per page (default: 20, maximum: 100)
  • sort_by: Field to sort by
  • sort_direction: Sort direction (asc or desc)
Example: 
GET /api/users?page_number=1&page_size=20&sort_by=created_at&sort_direction=desc

Data Format

  • All request and response data uses snake_case formatting
  • Dates are in ISO 8601 format (e.g., 2024-01-01T00:00:00.000Z)
  • UUIDs are used for resource identifiers
  • Timestamps include created_at and updated_at fields

Content Types

  • Request Content-Type: application/json
  • Response Content-Type: application/json
  • All requests must include proper Content-Type headers