Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.launchboard.xyz/llms.txt

Use this file to discover all available pages before exploring further.

API keys give you programmatic access to your Launchboard organization’s data. You can use them to read cap table records, pull stakeholder and security data, or integrate Launchboard into your own tooling — all without logging in through the browser. Only members with the Admin or Owner role can create and manage API keys.

What API keys are

Each API key is a bearer token that authenticates requests to the Launchboard API (v1). When you include a key in a request, Launchboard treats the request as coming from your organization and enforces the same data access boundaries as any other Admin-level action. Keys have full organization-level access. There is no per-resource or read-only scoping — treat every key like a password.

Create an API key

1

Open the API Keys page

Navigate to Settings → API Keys. You need Admin or Owner access to view this page.
2

Click Create API Key

Click the Create API Key button in the top-right corner.
3

Name the key

Enter a descriptive name for the key — for example, CI pipeline or Data export script. The name helps you identify the key later and is not used for authentication.
4

Copy the key immediately

After you create the key, Launchboard displays the full key value once. Copy it now and store it somewhere secure (such as a secrets manager or environment variable store). You will not be able to retrieve it again.
The full key value is shown only at the moment of creation. Launchboard stores only a hash of the key — not the plaintext. If you lose it, you must delete the key and create a new one.

Key format

All API keys begin with pg_live_ in production (for example, pg_live_abc123...). This prefix makes it easy to identify Launchboard keys in your codebase or secrets manager and to add scanning rules to your CI pipeline.

Authenticate API requests

Include your API key as a bearer token in the Authorization header of every request: 
curl -H "Authorization: Bearer pg_live_..." \
  https://launchboard.xyz/api/v1/stakeholders
Requests that are missing the header or include an invalid key receive a 401 Unauthorized response. For a full overview of authentication, request formats, and available endpoints, see the API reference.

Revoke an API key

To revoke a key, go to Settings → API Keys, find the key you want to remove, and click the delete icon next to it. Revocation takes effect immediately — any request using that key will receive a 401 response from that point on.
Revocation is permanent. If a key is being used by a running service or script, that integration will stop working immediately. Make sure you have a replacement key in place before revoking.

Security recommendations

  • Store keys in a secrets manager (for example, AWS Secrets Manager, HashiCorp Vault, or your CI provider’s secret store). Never commit a key to source control.
  • Create a separate key for each integration so you can revoke one key without affecting others.
  • Rotate keys periodically and revoke any that are no longer in use.
  • Add pg_live_ to your secret-scanning rules to catch accidental commits.