Authentication
Every /v1 endpoint is authenticated with your API key. Supply it on every
request using the Authorization header with the Bearer scheme:
curl -sS "https://api.lemtika.com/v1/catalog" \
-H "Authorization: Bearer $LEMTIKA_API_KEY"
The key resolves to your account's tenancy: the request is billed and brand-themed
against that account's workspace. A key requires an active (or trialing) subscription
to call the API (canUseApiKey). Create and rotate keys in
API keys.
The API also accepts the key via an
x-api-key: <your-api-key>header as an alternative toAuthorization: Bearer. Prefer theBearerheader.
Common 401 causes
A 401 unauthorized means the key was missing, malformed, or revoked. Check:
- No header sent — the request omitted both
Authorizationandx-api-key. - Malformed header — the
Bearerprefix is missing, or there's a stray space or newline in the token (common when reading a key from a file). - Revoked key — the key was deleted in Settings → API keys. Revocation is immediate.
- Wrong environment — a staging key sent to production (or vice-versa).
A 401 is distinct from 403 forbidden (the key is valid but lacks a capability, e.g.
a lapsed subscription) and 402 insufficient-credits (valid key, empty balance). See
Errors for the full table.
Versioning & stability
The public surface is the frozen /v1 contract: once you integrate, the
request/response shapes will not change in a breaking way. New error codes and optional
fields may be added additively, so always treat an unrecognized error.code by its
HTTP status class rather than matching it exactly.