Skip to main content

API Key Authentication

Legitmark uses API key authentication. Your API key identifies your platform and authorizes access to Legitmark services.
Need an API key? See Getting Started to set up your organization and create one in the Developer Settings.
Include your API key in the Authorization header of all requests: 
const headers = {
  'Authorization': 'Bearer leo_xxxxxxxxx',
  'Content-Type': 'application/json'
};
If using the TypeScript SDK, authentication is handled automatically: 
import { Legitmark } from 'legitmark';

const legitmark = new Legitmark('leo_your_api_key');

Security Model

All API communications use your API key for authentication. Personal information is never transmitted in headers, URLs, or query parameters, meeting strict data protection standards.

Rate Limits

Rate limiting may be applied to ensure platform stability. If you receive a 429 response, back off and retry. See Rate Limits for details.

Security Best Practices

API Key Security

  • Restrict API key access to authorized systems only
  • Use environment variables for API key storage
  • Implement key rotation procedures
  • Monitor API key usage for anomalies

Request Security

  • Always use HTTPS for API communications
  • Implement request timeout and retry logic
  • Use secure headers for all authenticated requests

Testing Authentication

Verify API Key

Test your API key with a simple request: 
curl -X GET "https://api.legitmark.com/api/v2/categories?active_only=true" \
  -H "Authorization: Bearer leo_your_api_key"

Test with the SDK

import { Legitmark } from 'legitmark';

const legitmark = new Legitmark('leo_your_api_key', { debug: true });
const { data: categories } = await legitmark.taxonomy.getCategories();
console.log(`Connected! Found ${categories.length} categories`);

Next Steps

  1. Review Taxonomy to understand item classification
  2. Implement Workflow for service requests
  3. Set up Webhooks for real-time notifications