Authentication

Every request to the Loomta API is authenticated with a workspace API key sent as a Bearer token. There are no unauthenticated endpoints in the public API (the only exception is the CLI device flow, where the device code is itself the secret).

Create an API key

1. Open the Loomta dashboard and go to Settings → API Keys (loomta.com/dashboard/api-keys).

2. Click Create key, give it a name, and choose the workspace it belongs to.

3. Copy the key. It looks like loomta_sk_… and is shown only once — Loomta stores only a hash, so it cannot be retrieved later. If you lose it, revoke it and create a new one.

Treat keys like passwords

A key grants full read/write access to everything in its workspace. Store it in a secret manager or an environment variable — never commit it to source control. Revoke a key the moment it may have leaked.

Authenticate a request

Send the key in the Authorization header:

Authorization: Bearer loomta_sk_your_key_here

A quick check — list the workspace’s connected platforms:

curl https://api.loomta.com/public/v1/platforms \
  -H "Authorization: Bearer $LOOMTA_API_KEY"

A valid key returns 200 with a platforms array. A missing or invalid key returns 401:

{ "code": "missing_api_key", "message": "A Bearer API key is required." }

{ "code": "invalid_api_key", "message": "The API key is invalid." }

Key facts

• Format — loomta_sk_ followed by a random secret.
• Scope — one workspace per key. A key from workspace A can never see workspace B’s data. See Workspaces & API keys.
• Available on every plan — including Free. Plan tier governs how much you can do (see Limits & quotas), not whether the API works.
• Base URL — https://api.loomta.com. Public endpoints live under /public/v1; the CLI device-auth endpoints live at the host root under /auth/device.

Next steps

• Quickstart — connect, upload, and publish.
• API Reference — every endpoint in detail.
• Prefer the terminal? Install the CLI and run loomta auth:login.