API Keys
API keys provide machine-to-machine access to LTprophecy without requiring a user session. They are scoped to an organization and support granular permissions.
Creating an API Key
- Navigate to Settings → API Keys.
- Click Create API Key.
- Provide:
- Name — a descriptive label (e.g., CI Pipeline)
- Permissions — select scopes from the list below
- Expiry — optional expiration date (recommended for security)
- Copy the generated key immediately. It will not be shown again. The key is stored as a SHA-256 hash; LTprophecy cannot recover the plaintext.
Available Scopes
| Scope | Access |
|---|---|
org:data:read | Read datasets and quality reports |
org:data:write | Upload and modify datasets |
org:models:read | List and inspect ML models |
org:models:train | Start training runs |
org:models:manage | Promote, archive, delete models |
org:forecasts:read | Read forecast results |
org:forecasts:write | Create and schedule forecasts |
org:knowledge:read | Read graph and scenarios |
org:knowledge:write | Create factors, links, scenarios |
org:research:read | Read research sessions and documents |
org:research:write | Start research sessions |
org:api_keys:manage | Create, rotate, and delete API keys |
Using an API Key
Pass the API key in the Authorization header as a Bearer token:
curl https://api.ltprophecy.com/api/forecasts \
-H "Authorization: Bearer ltpk_live_..."
Or using the Python SDK:
import ltprophecy
client = ltprophecy.Client(api_key="ltpk_live_...")
forecasts = client.forecasts.list()
Key Rotation
For security, rotate API keys regularly. Rotation generates a new key while immediately invalidating the old one. To rotate:
- Navigate to Settings → API Keys.
- Click the ⋮ menu next to the key and select Rotate.
- Copy the new key and update your systems before closing the modal.
Rate Limits
API key requests are subject to the same rate limits as user sessions:
| Plan | Requests / minute | Requests / day |
|---|---|---|
| Free | 20 | 1,000 |
| Growth | 100 | 10,000 |
| Enterprise | Unlimited | Unlimited |
When a rate limit is exceeded, the API returns HTTP 429 Too Many Requests with a Retry-After header.
Audit Log
All API key usage is recorded in the Audit Log, including the endpoint called, HTTP method, response status, and source IP address. Access via Settings → Audit Log.