All API requests require authentication via the Authorization header.
| Method | Header format | Best for |
| --- | --- | --- |
| OAuth 2.0 | `Bearer <access_token>` | Multi-tenant apps, third-party integrations |
| API Key | `token <api_key>` | Personal automation, scripts, CLI |

Which method should I use?

| Scenario | Method | Grant Type |
| --- | --- | --- |
| CLI tool (lofty-cli) | API Key | Used as LOFTY_CUSTOMER_KEY in Client Credentials |
| Personal scripts / automation | API Key | Direct token header |
| Server-to-server (no user) | OAuth 2.0 | Client Credentials + customer_key |
| Web app (user authorizes) | OAuth 2.0 | Authorization Code |
| SPA / mobile app | OAuth 2.0 | Authorization Code + PKCE |
| Multi-tenant SaaS platform | OAuth 2.0 | Authorization Code |

OAuth 2.0

Three grant types: Authorization Code, PKCE, and Client Credentials. Scoped permissions with security review.

API Keys

User-scoped personal access tokens. Configurable expiration and THIRD_PARTY_OPERATION scope.

Base URL

https://api.lofty.com

Request format

curl https://api.lofty.com/v1.0/leads \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <access_token>"
Or via CLI:
lofty-cli leads list --limit 10

Rate limiting

Rate limits are per-app (not per-account), configured on each registered application.
| App Mode | Rate Limit |
| --- | --- |
| Development | 100 requests/min |
| Production | 500 requests/min |
The window resets every 60 seconds. Every response includes rate limit headers:
| Header | Description |
| --- | --- |
| X-RateLimit-Limit | Maximum requests allowed in the current window |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | Time (UTC epoch seconds) when the window resets |
When the limit is exceeded, the API returns HTTP 429:
HTTP/1.1 429
X-RateLimit-Limit: 20
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 21000
{"message":"Too Many Requests"}
Some endpoints (e.g. AI features) have lower per-endpoint limits. Check the X-RateLimit-Limit header in responses to determine the actual limit.

Common errors

| HTTP Status | Code | Description |
| --- | --- | --- |
| 401 | | Invalid or missing authentication credentials. |
| 403 | 200100 | Token is valid but lacks the required permission scope. Grant the scope in the Developer Portal and re-authorize. |
| 429 | | Rate limit exceeded. Retry with backoff. |
See Error Codes for the full reference.
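
The two Authorization header formats, the rate limit headers and the "retry with backoff" guidance above, combined into a client-side helper. This is an added example, not Lofty's own code: the function names, the rejection of credentials containing line breaks, and the backoff policy (capped exponential with jitter when X-RateLimit-Reset is missing or implausible) are assumptions.

```python
import random

WINDOW_SECONDS = 60  # the page states the window resets every 60 seconds

def auth_header(method, secret):
    """Authorization header for the two schemes on this page (method names are ours)."""
    if not secret or "\r" in secret or "\n" in secret:
        raise ValueError("empty credential or embedded line break")
    prefix = {"oauth": "Bearer", "api_key": "token"}.get(method)
    if prefix is None:
        raise ValueError(f"unknown auth method: {method}")
    return {"Authorization": f"{prefix} {secret}"}

def _reset_wait(headers, now):
    """Seconds until X-RateLimit-Reset, or None if absent, unparsable or implausible."""
    h = {k.lower(): v for k, v in headers.items()}
    try:
        wait = int(h["x-ratelimit-reset"]) - now
    except (KeyError, ValueError):
        return None
    # A reset in the past or more than one window away is not trusted.
    return float(wait) if 0 < wait <= WINDOW_SECONDS else None

def retry_delay(status, headers, attempt, now, rng=random.random):
    """Seconds to wait before retrying, or None when a retry cannot help."""
    if status != 429:
        return None  # 401/403 are credential or scope problems: retrying cannot fix them
    wait = _reset_wait(headers, now)
    if wait is not None:
        return wait
    # Fallback: exponential backoff capped at one window, with 50-100% jitter.
    return min(WINDOW_SECONDS, 2 ** attempt) * (0.5 + rng() / 2)

def pause_before_next(headers, now):
    """After a successful call: wait out the window if no requests remain."""
    h = {k.lower(): v for k, v in headers.items()}
    if str(h.get("x-ratelimit-remaining", "")).strip() != "0":
        return 0.0
    return _reset_wait(headers, now) or float(WINDOW_SECONDS)

if __name__ == "__main__":
    # Headers from the 429 sample on this page; "now" is a constructed clock value.
    page_429 = {"X-RateLimit-Limit": "20", "X-RateLimit-Remaining": "0",
                "X-RateLimit-Reset": "21000"}
    print(auth_header("api_key", "<api_key>"))
    print(retry_delay(429, page_429, attempt=3, now=1700000000))
```
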