API Keys

API keys provide programmatic access to the LobsterHoney API. Use them for CI/CD integration, custom dashboards, SIEM forwarding, or any automation that needs to query your detection data.

Creating an API Key

Navigate to API Keys

In the dashboard, go to Settings > API Keys.

Click Create API Key

Click the Create API Key button to start.

Name your key

Give the key a descriptive name that identifies its purpose -- for example, "CI/CD Pipeline", "Internal Dashboard", or "SIEM Integration".

Copy the key immediately

The full API key is shown only once at creation time. Copy it and store it securely. You cannot retrieve the key later -- if lost, you must create a new one.

Treat API keys as secrets. Never commit them to version control, embed them in client-side code, or share them in plaintext. Use environment variables or a secrets manager.

Using Your API Key

Include the key in the Authorization header of every API request:

$curl -H "Authorization: Bearer lh_YOUR_API_KEY" https://lobsterhoney.com/dashboard/api/traps

All API keys are prefixed with lh_ for easy identification. Keys are scoped to your organization -- they can access data for all sites within your org.

Key Permissions

API keys support three permission scopes:

Scope	Access
Read-only	Query sessions, traps, analytics, and events
Read-write	Everything in read-only, plus create/update/delete traps and settings
Admin	Full access including organization management and API key administration

Choose the minimum scope needed for each integration. A monitoring dashboard only needs read-only access.

To revoke a key, go to Settings > API Keys, find the key in the list, and click Revoke. Revocation is immediate -- any request using the revoked key will receive a 401 Unauthorized response.

Revoke and replace keys immediately if you suspect a key has been compromised. There is no limit to the number of active keys per organization.