Where do I create an API key?

Open the Lurus Code Dashboard, go to Settings and click "New Key". Enter a name and choose an expiration (7 days, 30 days, 90 days, 1 year, or never).

Can I see the full key again later?

No. The full key is shown exactly once at creation. If you lose it, revoke it and create a new one.

How many API keys can I have?

Pro allows up to 5 keys, Pro+ and Ultra allow up to 10 active keys.

What happens when a key expires?

Expired keys stop authenticating immediately. They are permanently purged from the database after 90 days.

Can an API key create other API keys?

No. API keys have privilege separation — they cannot create, list or revoke other keys. Use the Dashboard for key management.

Is the API key GDPR-compliant?

Yes. Keys are hashed before storage, audit logs track access, and processing is GDPR-compliant.

Authentication

API Keys

Token-based authentication for CI/CD pipelines, headless environments and programmatic access — no browser required.

Lurus Code Dashboard — Create new API key dialog

🔑

One-Click Creation

Generate a new API key from the dashboard with a custom name and optional expiration — the full key is shown only once.

🔒

SHA-256 Hash Storage

Keys are hashed with SHA-256 before being stored. The plaintext key never touches the database.

⏱️

Flexible Expiration

Choose from 7 days, 30 days, 90 days, 1 year, or no expiration at all. Revoked and expired keys are automatically purged after 90 days.

🚫

Instant Revocation

Revoke any key instantly from the dashboard. Revoked keys stop working immediately across all environments.

📋

Audit Trail

Key creation and revocation are logged with IP, user-agent and timestamp. First usage is tracked automatically.

📧

Email Notifications

Receive an email notification whenever a new API key is created on your account — with IP and device details.

How It Works

Create a Key

Open Settings in the dashboard. Click "New Key", enter a name and choose an expiration (7 days, 30 days, 90 days, 1 year, or never).

Copy the Key

The full key (lc_…) is displayed once. Copy it and store it securely — it cannot be retrieved again.

Authenticate

Use the key via environment variable (LURUS_API_KEY), CLI login (lurus login --api-key) or the X-API-Key header.

Usage

Environment Variable (CI/CD)

export LURUS_API_KEY=lc_your_key_here
lurus code "implement feature X"

CLI Login

lurus login --api-key
# Paste your key when prompted

HTTP Header

curl -H "X-API-Key: lc_your_key_here" \

Security

Keys are stored as SHA-256 hashes — the plaintext key is never persisted
File permissions on auth storage set to 0600 (owner-only)
API key requests bypass CSRF checks (designed for non-browser clients)
Revoked and expired keys are automatically purged after 90 days
Plan-based limits: up to 5 keys on Pro, up to 10 on Pro+ and Ultra
Audit logs are retained for 1 year

Frequently Asked Questions

Ready to Automate?

Create your first API key and integrate Lurus Code into your CI/CD pipeline.

Get Started