Authentication
How to authenticate requests to the Lucius Billing API.
All Billing API endpoints require authentication via an API key. Keys are scoped to your company account.
Creating an API key
- Log in to the Lucius dashboard
- Go to Settings > API Keys
- Click Create Key and give it a name
- Copy the full key — it's only shown once
Keys follow the format luc_live_ followed by 32 hex characters:
```
luc_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4
```
Sending the key
Include your API key in every request using one of two methods:
Authorization header (recommended)
```bash
curl https://api.lucius.finance/v1/billing/contracts \
  -H "Authorization: Bearer luc_live_YOUR_KEY"
```
X-Api-Key header
```bash
curl https://api.lucius.finance/v1/billing/contracts \
  -H "X-Api-Key: luc_live_YOUR_KEY"
```
Both methods are equivalent. Use whichever fits your HTTP client.
Key security
- Store keys securely — use environment variables, not source code
- Rotate regularly — create a new key, migrate your integration, then revoke the old one
- One key per environment — use separate keys for development and production
- Keys are stored as SHA-256 hashes — Lucius cannot retrieve a key after creation
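To enforce the "environment variables, not source code" rule, the documented key format can be turned into a scanner that flags hard-coded keys before they are committed. This is an added example, not part of the Lucius documentation or tooling; the `LUCIUS_API_KEY` variable name, the `config.py` file name, the sample text and the acceptance of upper-case hex are assumptions.

```python
import hashlib
import re

# Documented format: "luc_live_" followed by 32 hex characters.
# Assumption: hex digits may be either case; the page only shows lowercase.
KEY_RE = re.compile(r"(?<![0-9A-Za-z_])luc_live_[0-9a-fA-F]{32}(?![0-9a-fA-F])")


def redact(key: str) -> str:
    """Keep the prefix and last 4 characters so a finding can be matched
    to a dashboard entry without re-exposing the secret in scan output."""
    return key[:9] + "*" * 28 + key[-4:]


def fingerprint(key: str) -> str:
    """Short SHA-256 fingerprint for de-duplicating findings across files
    (hypothetical helper; unrelated to how Lucius stores key hashes)."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def scan(text: str, path: str = "<input>") -> list[dict]:
    """Return one finding per hard-coded key occurrence in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append({
                "path": path,
                "line": lineno,
                "key": redact(match.group()),
                "fingerprint": fingerprint(match.group()),
            })
    return findings


# Constructed sample input: one hard-coded key, one placeholder, one env lookup.
SAMPLE = '''\
import os
API_KEY = "luc_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4"   # hard-coded: flagged
DOC_KEY = "luc_live_YOUR_KEY"                            # placeholder: ignored
SAFE_KEY = os.environ["LUCIUS_API_KEY"]                  # env var: ignored
'''

if __name__ == "__main__":
    for f in scan(SAMPLE, "config.py"):
        print(f"{f['path']}:{f['line']}: {f['key']} (sha256:{f['fingerprint']})")
```

Any key the scanner finds in a repository should be treated as exposed: revoke it in the dashboard and issue a replacement.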
Error responses
| Status | Error | Meaning |
|---|---|---|
| 401 | Missing API key | No Authorization or X-Api-Key header found |
| 401 | Invalid API key | Key doesn't match any active key |
| 401 | API key expired | Key has passed its expiration date |
```json
{
  "error": "Invalid API key"
}
```
Revoking a key
Revoke a key from the dashboard under Settings > API Keys. Revoked keys are rejected immediately. Existing in-flight requests may still complete.