API Introduction

Authentication

All API requests require authentication using API keys. API keys are associated to Workspaces, these can be created and deleted from the API Keys tab in the Workspace section. Find a step by step guide on how to create keys for a given Workspace here.

Important: API keys are sensitive credentials. Never share them publicly or commit them to version control.

Using API Keys

Include your API key in the Authorization header of your requests:

curl -X GET "https://app.luxor.tech/api/v1/workspace" \
  -H "authorization: <token>"

Rate Limits

To ensure fair usage and system stability, we implement a token bucket rate limiting system. Currently the rate limiting system considers two limits, one at the Workspace level and another at the API key level.

If you exceed any of the limits, the API will return a 429 Too Many Requests error.

Base URL

All API endpoints are relative to the base URL:

https://app.luxor.tech/api/v1/

Error Handling

The API uses standard HTTP status codes to indicate the success or failure of requests:

• 200 OK: Request succeeded
• 400 Bad Request: Invalid request parameters
• 401 Unauthorized: Invalid or missing API key
• 403 Forbidden: Insufficient permissions
• 429 Too Many Requests: Rate limit exceeded
• 500 Internal Server Error: Server-side error

Error responses include a detailed message:

{
  "error": {
    "code": "invalid_request",
    "message": "Invalid parameters provided"
  }
}

Best Practices

1. Implement Retry Logic: Use exponential backoff for failed requests
2. Cache Responses: Cache data that doesn't change frequently
3. Monitor Rate Limits: Track your API usage to avoid hitting limits
4. Use HTTPS: Always make requests over HTTPS
5. Keep API Keys Secure: Rotate keys regularly and use environment variables

API Versioning

We maintain backward compatibility within major versions. The current version is v1, and all endpoints are prefixed with /v1/. When we release breaking changes, we'll increment the version number and provide migration guides.