titledescriptionupdated_date
Lattice APIHow to obtain and authenticate with the Lattice REST API.2025-10-24T16:45:21Z

What we need

[] API Token

Follow these steps to obtain and authenticate with the Lattice REST API:

Getting API Access

API keys can be viewed and managed in the Lattice admin dashboard. Your API keys carry the same privileges as the user who created them, so be sure to keep them secure.

Creating an API Key

  1. Access the API key management

    • Log in to your Lattice admin account
    • Navigate to the API keys section in the admin dashboard

  2. Generate and secure your API key

    • Generate a new API key through the admin interface
    • Important: Copy and store the API key immediately as it will only be shown once
    • Store the API key securely (password manager, secure environment variables)
    • Do not share the key publicly or commit it to version control

Authentication

The Lattice API uses Bearer Authentication. Include your API key in the Authorization header of your HTTP requests:

Authorization: Bearer YOUR_API_KEY_HERE

Important: All API requests must be made over HTTPS. Calls made over plain HTTP will fail.

Testing Your API Key

You can test that your API key works by making a simple request to the /v1/me endpoint:

curl https://api.latticehq.com/v1/me \
  -H "Authorization: Bearer YOUR_API_KEY_HERE"

This should return a 200 OK response with your user information in JSON format.

Providing Your API Key

Once you have generated your API key, you will need to provide it to us securely so we can configure your integration. Please share your bearer token through a secure method (encrypted email, secure file sharing, etc.) and not through unsecured channels.

API Base URL

  • Base URL: https://api.latticehq.com/v1/
  • API Documentation: https://api.latticehq.com/v1/swagger

Important Notes

  • CORS: The Lattice API does not support CORS and is designed to be called from server-side applications only
  • Security: API requests without authentication will fail with a 401 unauthorized response
  • User Dependencies: If the user who generated the API key is deactivated, the API key will stop working
  • Testing: For security reasons, you cannot test API requests directly in the browser documentation - use tools like curl or Insomnia or make requests from your server