Authentication
Authenticate your API requests using API keys and understand rate limits and error codes.
https://api.liyasupport.com/v1. All requests must be made over HTTPS. HTTP requests will receive a 301 redirect.API keys
LiyaSupport uses API keys to authenticate requests. Your API keys carry significant privileges — keep them secure and never expose them in client-side code, version control, or public repositories.
Creating an API key
- Go to Settings → Integrations → API keys.
- Click Create API key.
- Give it a descriptive name (e.g. "Production backend" or "Zapier integration").
- Select the permissions scope (see below).
- Copy the key immediately — it's shown only once.
Key types and scopes
| Key prefix | Environment | Scope options |
|---|---|---|
| lsk_live_… | Production | read, write, or read+write per resource |
| lsk_test_… | Test/sandbox | Same as live but operates on test data only |
Available permission scopes:
| Scope | Resources | HTTP methods |
|---|---|---|
| tickets:read | Tickets, conversations | GET |
| tickets:write | Tickets, conversations | POST, PATCH, DELETE |
| contacts:read | Contacts | GET |
| contacts:write | Contacts | POST, PATCH, DELETE |
| knowledge:read | Knowledge base articles | GET |
| knowledge:write | Knowledge base articles | POST, PATCH, DELETE |
| webhooks:manage | Webhook endpoints | POST, PATCH, DELETE |
| workspace:read | Workspace info, team members | GET |
Making authenticated requests
Pass your API key in the Authorization header as a Bearer token:
Node.js (official SDK)
Python (official SDK)
LIYA_API_KEY) and use a secrets manager in production. Never hardcode keys in your application source.Rate limits
All API requests are subject to rate limits to ensure fair usage. Rate limits are applied per API key, not per IP address.
| Plan | Requests per minute | Requests per day | Burst allowance |
|---|---|---|---|
| Starter | 60 | 10,000 | 120 requests in 10 seconds |
| Growth | 300 | 100,000 | 600 requests in 10 seconds |
| Enterprise | 1,000 | Unlimited | 2,000 requests in 10 seconds |
Rate limit headers are included in every response:
When you exceed the rate limit, you receive a 429 Too Many Requests response:
Implement exponential backoff when receiving 429 responses. Use the Retry-After header value as your minimum delay.
Error codes
| HTTP status | Error type | Description |
|---|---|---|
| 400 | invalid_request | Missing or malformed request parameters |
| 401 | authentication_error | Invalid or missing API key |
| 403 | permission_error | API key doesn't have the required scope |
| 404 | not_found | Resource not found |
| 409 | conflict | Request conflicts with existing state |
| 422 | validation_error | Request body failed validation |
| 429 | rate_limit_error | Rate limit exceeded |
| 500 | api_error | Internal server error — retry with backoff |
| 503 | service_unavailable | Temporary outage — check status.liyasupport.com |
All errors return a consistent JSON body:
Pagination
List endpoints return paginated results. Use the limit and cursorquery parameters to page through results:
List responses include a pagination object: