Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.launchboard.xyz/llms.txt

Use this file to discover all available pages before exploring further.

The Launchboard API authenticates requests using API keys passed as bearer tokens. Every request to a /api/v1/* endpoint must include your API key in the Authorization header. Requests without a valid key are rejected with a 401 Unauthorized response.

Create an API key

Open Settings → API Keys in the Launchboard dashboard and click Create API Key. Give the key a descriptive name — for example, the name of the integration or service that will use it — and choose the minimum role that integration requires.
The plaintext key is shown exactly once, immediately after creation. Launchboard stores only a SHA-256 hash. Copy it and store it in a secret manager or environment variable before closing the dialog. If you lose it, you’ll need to revoke the key and create a new one.

Key format

API keys issued in production use the prefix pg_live_. Keys issued in non-production environments use pg_test_. You can tell at a glance which environment a key belongs to. 
pg_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Make an authenticated request

Include your API key in the Authorization header of every request: 
Authorization: Bearer pg_live_your_key_here

curl https://launchboard.xyz/api/v1/stakeholders \
  -H "Authorization: Bearer pg_live_your_key_here"

Error responses

401 Unauthorized
object
The Authorization header is missing, malformed, or the key is invalid or revoked. Check that you’ve included the header and that the key value is correct.
403 Forbidden
object
The key is valid but the role assigned to it does not have permission to perform the requested operation. Use a key with a higher role, or request the minimum necessary permissions for your use case.
Both responses follow the RFC 9457 Problem Details format: 
{
  "type": "https://api.launchboard.xyz/problems/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication required"
}

Security

Treat API keys like passwords. Anyone who holds a key has full access to your organization’s cap table data at the role level assigned to that key. Store keys in environment variables or a secrets manager — never commit them to source control or embed them in client-side code. If a key is compromised, revoke it immediately in Settings → API Keys and issue a replacement.

Rate limiting

API requests are rate limited. When your integration exceeds the limit, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait before retrying. Build exponential backoff into any integration that makes bulk or high-frequency requests.