Skip to content
New Venue Data
API & Keys

Authenticating requests with API keys

How bearer tokens work, where to store them, and how to rotate a key without downtime.

Every request to the API is authenticated with a secret key sent as a bearer token in the Authorization header. There are no sessions or cookies — each request stands alone.

Sending the key

Authorization: Bearer ls_live_your_key_here

Live keys are prefixed with ls_live_ and sandbox keys with ls_test_. Sandbox keys hit the same endpoints but return synthetic data and never bill against your plan.

Storing keys safely

  • Keep secrets in environment variables or a secrets manager, never in source control.
  • Use server-side code only — a key in front-end JavaScript is a public key.
  • Scope keys per environment so a leaked staging key cannot touch production data.

Rotating without downtime

Create the new key first, deploy it to your services, confirm traffic is flowing on the new key, then revoke the old one. Because keys are independent, both work simultaneously during the overlap, so there is no window where requests fail.

Was this article helpful?

Still stuck? Our team is happy to help.

YesNo
Contact support
Back to Help Center

Related articles

API & Keys

Paginating results with cursors

Use the cursor parameter to walk through large result sets reliably, even as new records arrive.

Read articleAPI & Keys

Filtering the license feed

Combine county, license type, status, event type, and search filters to get exactly the records you want.

Read articleAPI & Keys

Rate limits and quotas

Understand request limits, read the rate-limit headers, and back off gracefully when throttled.

Read article

Start monitoring Florida in minutes.

No contracts. Cancel any time. County plan from $149/month.

Start Free Trial Talk to Sales