API Authentication

Last updated: 2026-02-26

Where to find it

Sidebar > Account Settings > API Access

Leadflip provides a REST API for programmatic access to your leads, entities, and forms. All API requests require authentication using an API key sent as a Bearer token. This guide explains how to generate keys, use them in requests, and keep your integration secure.

Generating API Keys

  1. Open the sidebar and go to Account Settings.
  2. Click API Access in the settings menu.
  3. Click Create API Key.
  4. Give your key a descriptive name (e.g., "Production Integration" or "Staging Webhook").
  5. Copy the key immediately—it is shown only once and cannot be retrieved later.

Important: Store your API key securely. Treat it like a password. If a key is compromised, revoke it in Account Settings > API Access and create a new one.

Using Bearer Token in Requests

Include your API key in the Authorization header of every request:

Authorization: Bearer your_api_key_here

The API also accepts the key without the Bearer prefix:

Authorization: your_api_key_here

Example with cURL

curl -X GET "https://www.leadflip.net/api/entities" \
  -H "Authorization: Bearer your_api_key_here" \
  -H "Accept: application/json"

Example with JavaScript (fetch)

fetch('https://www.leadflip.net/api/entities', {
  headers: {
    'Authorization': 'Bearer your_api_key_here',
    'Accept': 'application/json'
  }
});

Never send your API key in the URL, query parameters, or request body. Always use the Authorization header.

Security Best Practices

  • Rotate keys periodically – Create new keys and revoke old ones on a schedule (e.g., quarterly).
  • Use separate keys per environment – Different keys for development, staging, and production.
  • Never commit keys to version control – Use environment variables or a secrets manager.
  • Monitor usage – Check the API section in Account Settings for unusual activity.
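
The following Node.js sketch combines the header-only rule with the environment-variable practice above. It is an added example, not Leadflip code: the variable name LEADFLIP_API_KEY and the helper names loadApiKey, buildRequest, redact, and getJson are assumptions made for illustration.

```javascript
// Added example. LEADFLIP_API_KEY and all helper names are assumptions, not part of the Leadflip API.
const API_ORIGIN = 'https://www.leadflip.net';

// Read the key from the environment so it never lives in source control.
function loadApiKey(env) {
  const key = (env.LEADFLIP_API_KEY || '').trim();
  if (!key) throw new Error('LEADFLIP_API_KEY is not set');
  return key;
}

// Build a GET request that carries the key only in the Authorization header.
function buildRequest(path, apiKey, params = {}) {
  const url = new URL(path, API_ORIGIN);
  // new URL() lets an absolute or protocol-relative `path` override the base,
  // so pin the origin before attaching the key to anything.
  if (url.origin !== API_ORIGIN) {
    throw new Error(`refusing to send API key to ${url.origin}`);
  }
  for (const [name, value] of Object.entries(params)) {
    url.searchParams.set(name, String(value));
  }
  // Reject the key anywhere in the path or (decoded) query string.
  const queryParts = [...url.searchParams].flat();
  if (url.pathname.includes(apiKey) || queryParts.some((s) => s.includes(apiKey))) {
    throw new Error('API key must not appear in the URL');
  }
  return {
    url: url.href,
    options: {
      method: 'GET',
      headers: { Authorization: `Bearer ${apiKey}`, Accept: 'application/json' },
    },
  };
}

// Strip the key from any text that may end up in logs or error reports.
function redact(text, apiKey) {
  return String(text).split(apiKey).join('[REDACTED]');
}

async function getJson(path, env = process.env) {
  const apiKey = loadApiKey(env);
  const { url, options } = buildRequest(path, apiKey);
  try {
    const res = await fetch(url, options);
    if (!res.ok) throw new Error(`HTTP ${res.status} for ${url}`);
    return await res.json();
  } catch (err) {
    throw new Error(redact(err.message, apiKey));
  }
}
```

Calling getJson('/api/entities') with the variable set performs the same request as the fetch example earlier on this page, without the key ever appearing in the source file.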

Revoking Keys

If a key is lost, leaked, or no longer needed:

  1. Go to Sidebar > Account Settings > API Access.
  2. Find the key in the list.
  3. Click Revoke and confirm.

Revoked keys stop working immediately. Update any integrations that used the old key with a new one.

Next Steps

  • API Endpoints – Overview of available endpoints for leads, entities, and forms.