All API requests require authentication via a Bearer token in the Authorization header.
API keys
API keys are prefixed with leo_ and can be created in Settings > API in your Leonar dashboard.
```bash
curl -X GET "https://app.leonar.app/api/v1/contacts" \
  -H "Authorization: Bearer leo_your_api_key"
```
Keep your API keys secure. Never expose them in client-side code, public repositories, or URLs.
Scopes
Each API key has granular permissions controlled by scopes. When creating a key, select only the scopes your integration needs.
| Scope | Description |
|---|---|
| contacts:read | List and view contacts |
| contacts:write | Create and update contacts |
| contacts:delete | Archive contacts |
| companies:read | List and view companies |
| companies:write | Create and update companies |
| companies:delete | Archive companies |
| deals:read | List and view deals and pipelines |
| deals:write | Create, update, close, and reopen deals |
| deals:delete | Archive deals |
| notes:read | List and view notes |
| notes:write | Create and update notes |
| tags:read | List tags |
| tags:write | Create and manage tags |
| tasks:read | List and view tasks |
| tasks:write | Create, update, and delete tasks |
| enrichment:read | View enrichment request status |
| enrichment:write | Trigger contact enrichment |
| messages:read | List conversations and messages |
| messages:write | Send messages |
| projects:read | List and view projects |
| projects:write | Create and update projects |
| pipeline:read | View pipeline entries |
| pipeline:write | Add and move candidates in pipelines |
| sequences:read | List sequences and enrollments |
| sequences:write | Enroll and unenroll contacts |
| sourcing:read | Search for candidates |
| sourcing:write | Add profiles to projects |
Scope bundles
For convenience, you can use scope bundles when creating API keys:
| Bundle | Includes |
|---|---|
| full_access | All scopes |
| read_only | All :read scopes |
| crm | Companies, deals, contacts, notes, tags |
| automation | Sequences, contacts, pipeline, enrichment, tasks |
| sourcing | Contacts, projects, pipeline, sourcing |
Error responses
If authentication fails, the API returns a 401 error:
```json
{
  "error": {
    "code": "invalid_api_key",
    "message": "Invalid API key"
  }
}
```
If the API key lacks the required scope, a 403 is returned:
```json
{
  "error": {
    "code": "insufficient_scope",
    "message": "This endpoint requires the 'contacts:write' scope"
  }
}
```
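The following is an added example, not code from Leonar: a client-side sketch that keeps the key out of source code and URLs and tells the 401 and 403 bodies shown above apart, so that a request for a scope the integration never declared is flagged rather than fixed by widening the key. The `LEONAR_API_KEY` variable name, the `DECLARED_SCOPES` set, the function names and the assumption that the 403 message always quotes the scope as in the sample are all hypothetical.

```python
import json
import os
import re
import urllib.request

BASE_URL = "https://app.leonar.app/api/v1"
# Assumption: the scopes this hypothetical integration was provisioned with.
DECLARED_SCOPES = {"contacts:read", "contacts:write"}


def load_api_key(env=os.environ):
    """Read the key from the environment (LEONAR_API_KEY is an assumed name)."""
    key = env.get("LEONAR_API_KEY", "")
    if not key.startswith("leo_"):
        raise ValueError("LEONAR_API_KEY is missing or lacks the leo_ prefix")
    return key


def build_request(path, api_key):
    """Put the key in the Authorization header only, never in the URL."""
    return urllib.request.Request(
        BASE_URL + path, headers={"Authorization": f"Bearer {api_key}"}
    )


def classify_auth_failure(status, body):
    """Map a 401/403 response body to (action, detail) for the caller."""
    try:
        doc = json.loads(body)
    except ValueError:
        return ("unexpected", None)
    err = doc.get("error") if isinstance(doc, dict) else None
    if not isinstance(err, dict):
        return ("unexpected", None)
    code = err.get("code")
    if status == 401 and code == "invalid_api_key":
        return ("replace_key", None)
    if status == 403 and code == "insufficient_scope":
        # Assumption: the scope is quoted in the message as in the sample.
        m = re.search(r"'([a-z]+:[a-z]+)'", str(err.get("message", "")))
        scope = m.group(1) if m else None
        if scope in DECLARED_SCOPES:
            return ("key_missing_declared_scope", scope)
        return ("undeclared_scope_requested", scope)
    return ("unexpected", code)
```

An `undeclared_scope_requested` result means some code path is calling an endpoint outside the integration's intended permissions, which is worth reviewing before any scope is added to the key.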