Skip to main content

Getting started

  1. Create an API key. In Laabam One, go to Settings → API Keys → Create Key. Choose the scopes the key needs (least privilege — see Security), an optional expiry, and, for browser use, the allowed origins.

  2. Copy your credentials. You receive a Client ID (lk_id_…) and a Client Secret (lk_secret_…).

    The secret is shown only once

    The secret is stored hashed and can never be retrieved again. If you lose it, rotate the key.

  3. Call the API with both credentials in the request headers:

    curl https://laabam.app/api/v1/invoices \
      -H "X-Client-Id: lk_id_4f9c2a7b1e8d3c6a5b0f9e2d" \
      -H "X-Client-Secret: lk_secret_a1b2c3d4e5f6...." \
      -H "Accept: application/json"

  4. Monitor usage under Settings → API Keys → View Usage, and rotate or revoke keys as needed.

One key = one company

Each API key belongs to exactly one company, so most endpoints don't take a company identifier in the URL. The public website APIs (recruitment, leads, storefront) are the exception — they carry {company} in the path because they're embedded in public pages.