Integration Summary

When to use
  • Create, list, and revoke API keys.
  • Use the read and write examples together so you can validate state before you mutate it.
Required scopes
  • Access is inherited from the connected user or JWT session.
  • Inspect GET /me or the validate-api-key response to confirm the scopes available to the current token.
Headers
  • Authorization: Bearer <token>
  • X-Origin-App: <client-name>
  • Content-Type: application/json on write operations
Request schema
See the request body tables below or /platform/openapi.json for the machine-readable schema surface.
Response schema
Responses use the standard request_id/timestamp/data envelope documented in the API overview.
Enums & values
  • Enum-like values and filter operators are documented inline on the page where available.
  • When a value set is account- or tier-dependent, validate against live responses before hard-coding assumptions.
Idempotency
Use Idempotency-Key on retried writes when your client cannot guarantee whether a prior attempt succeeded.
Rate limits
See /rate-limits. Page intentionally through list endpoints and apply backoff on 429 responses.
Examples
curl, TypeScript, Python

Starter example: POST /api/external/v2/api-keys

bash
curl -X POST "https://api.levcapital.com/api/external/v2/api-keys" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Origin-App: my-integration"
  -d '{
  "label": "Quickstart Example"
}'

API Keys

Last updated: March 2026

API keys provide long-lived authentication for server-to-server integrations. Each key is scoped to a user and account.
Web AppCreate (API)List (API)Revoke (API)

Overview

API keys are managed via the Lev web app or the /api-keys REST endpoints. Keys are tied to the authenticated user's account and inherit their permissions.
  • Keys are prefixed with lev_sk_ for identification
  • The full key value is only shown once at creation — store it immediately
  • Revoked keys take effect immediately
  • Each account has a maximum number of allowed keys (visible via GET /me)

Creating Keys via the Lev Web App

The fastest way to create an API key is through the Lev settings page at app.lev.com.
Requirements
You must be a workspace admin to manage API keys. The feature must be enabled for your account.
To create a key:
  1. Sign in to app.lev.com
  2. Click your name at the bottom of the sidebar, then click Settings
  3. Select the API Keys tab
  4. Click the Create key button
  5. Enter a descriptive label (e.g., "Production Sync" or "CI Pipeline") and click Create
  6. Copy your key immediately — click the copy icon next to the key. It will only be shown once
  7. Click Done
Store your key securely
The full API key is only displayed once at creation time. If you lose it, you'll need to revoke the key and create a new one.
To revoke a key:
  1. Go to Settings → API Keys (same navigation as above)
  2. Find the key in the list and click the trash icon
  3. Confirm by clicking Revoke key — access is revoked immediately

Create Key (API)

POST/api/external/v2/api-keys
Create a new API key for the authenticated user

Request body

ParameterTypeRequiredDescription
labelstringRequiredHuman-readable label for the key (1–255 characters)
Response (201):
json
{
  "request_id": "...",
  "timestamp": "2026-03-20T15:30:45Z",
  "data": {
    "id": 42,
    "label": "CI Pipeline Key",
    "key_prefix": "lev_sk_abc1",
    "api_key": "lev_sk_abc123def456ghi789...",
    "created_at": "2026-03-20T15:30:45Z"
  }
}
Warning: The api_key field is only included in the creation response. Store it securely.

List Keys (API)

GET/api/external/v2/api-keys
List all API keys for the authenticated user

Query parameters

ParameterTypeRequiredDescription
limitintegerOptionalResults per page (1–200, default 50)
offsetintegerOptionalNumber of results to skip (default 0)
Response (200):
json
{
  "request_id": "...",
  "timestamp": "2026-03-20T15:30:45Z",
  "data": [
    {
      "id": 42,
      "label": "CI Pipeline Key",
      "key_prefix": "lev_sk_abc1",
      "created_at": "2026-03-20T15:30:45Z",
      "last_used_at": "2026-03-19T12:00:00Z"
    }
  ],
  "pagination": {
    "total": 3,
    "limit": 50,
    "offset": 0,
    "has_more": false
  }
}
Note: The full key value is never returned in list responses — only the key_prefix.

Revoke Key (API)

DELETE/api/external/v2/api-keys/{key_id}
Permanently revoke an API key

Path parameters

ParameterTypeRequiredDescription
key_idintegerRequiredThe ID of the API key to revoke
Response (200):
json
{
  "request_id": "...",
  "timestamp": "2026-03-20T15:30:45Z",
  "data": {
    "deleted": true
  }
}
Revoked keys are immediately invalidated. Any request using a revoked key will receive a 401 Unauthorized response.

Related Articles

Build on Lev's PlatformAuthenticationQuickstartPaginationFiltering & Sorting