LeadPanther API

LeadPanther API Agency Mode

Agency mode lets an approved agency API key work with client accounts through nested client routes.

Base URL:

https://app.leadpanther.ai/api/v1

LeadPanther API v1 is currently available by approved API key. API keys are bearer tokens. Keep them server-side and never expose them in browser code.

Core Rule

Agency client work uses /clients/{clientId}/....

Use:

/clients/{clientId}/posts
/clients/{clientId}/lead-magnets
/clients/{clientId}/leads
/clients/{clientId}/activity

Do not use direct routes such as /posts, /lead-magnets, /leads, or /activity when the operation is for a client account.

A valid agency API key alone is not enough; the agency must also have an active grant for the target client account.

Find Accessible Clients

Required scope: clients:read

curl "https://app.leadpanther.ai/api/v1/clients" \
  -H "Authorization: Bearer lp_live_REDACTED"

Example response:

{
  "data": [
    {
      "user_id": "00000000-0000-4000-8000-000000000001",
      "full_name": "Client A",
      "business_name": "Client A Company",
      "account_status": "active",
      "grant": {
        "id": "00000000-0000-4000-8000-000000000006",
        "label": "Client A",
        "status": "active",
        "permissions": ["posts:read", "posts:write"],
        "created_at": "2026-05-25T00:00:00.000Z",
        "updated_at": "2026-05-25T00:00:00.000Z"
      }
    }
  ],
  "pagination": {
    "limit": 1,
    "offset": 0,
    "has_more": false
  },
  "request_id": "req_000000000000000000000001"
}

In API v1, clientId is the client account user_id returned by GET /clients. Do not use account table IDs, API key IDs, key hashes, or private database fields.

Get One Client

Required scope: clients:read

curl "https://app.leadpanther.ai/api/v1/clients/00000000-0000-4000-8000-000000000001" \
  -H "Authorization: Bearer lp_live_REDACTED"

The response includes the client account summary and, for agency keys, grant visibility when applicable.

Client Posts

Required scopes:

  • List or retrieve posts: posts:read
  • Create, update, or delete eligible posts: posts:write
  • Read post engagement: analytics:read
curl "https://app.leadpanther.ai/api/v1/clients/00000000-0000-4000-8000-000000000001/posts?limit=10&offset=0" \
  -H "Authorization: Bearer lp_live_REDACTED"

Create a client draft post:

curl "https://app.leadpanther.ai/api/v1/clients/00000000-0000-4000-8000-000000000001/posts" \
  -X POST \
  -H "Authorization: Bearer lp_live_REDACTED" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "Public-safe LinkedIn post copy.",
    "status": "draft",
    "scheduled_at": null,
    "theme_id": null,
    "template_id": null,
    "images": [],
    "document_url": null,
    "document_type": "image",
    "notes": "Prepared by Example Agency.",
    "followups": null
  }'

Scheduled posts require a future scheduled_at ISO datetime. Published or publishing posts cannot be deleted through the API.

Client Lead Magnets

Required scopes:

  • List or retrieve lead magnets: lead_magnets:read
  • Create, update, or archive lead magnets: lead_magnets:write
  • Read lead magnet analytics: analytics:read
curl "https://app.leadpanther.ai/api/v1/clients/00000000-0000-4000-8000-000000000001/lead-magnets?limit=10&offset=0" \
  -H "Authorization: Bearer lp_live_REDACTED"

Create a client lead magnet:

curl "https://app.leadpanther.ai/api/v1/clients/00000000-0000-4000-8000-000000000001/lead-magnets" \
  -X POST \
  -H "Authorization: Bearer lp_live_REDACTED" \
  -H "Content-Type: application/json" \
  -d '{
    "delivery_mode": "external_link",
    "keyword": "GUIDE",
    "resource_name": "Example Guide",
    "resource_link": "https://example.com/resource.pdf",
    "description": "Short public-safe description.",
    "text_template": "Here is the guide: {{resource_link}}",
    "linked_posts": []
  }'

Hosted content and gated external lead magnets require a hosted_page object. Published hosted content requires non-empty Markdown content. Published gated external content requires a valid external resource URL.

Client Media

Required scope: media:write

Create a signed upload URL:

curl "https://app.leadpanther.ai/api/v1/clients/00000000-0000-4000-8000-000000000001/media/upload-url" \
  -X POST \
  -H "Authorization: Bearer lp_live_REDACTED" \
  -H "Content-Type: application/json" \
  -d '{
    "filename": "example-image.png",
    "content_type": "image/png",
    "file_size": 102400
  }'

Example response:

{
  "data": {
    "upload_url": "https://example.com/redacted-upload-url",
    "token": "REDACTED_UPLOAD_TOKEN",
    "path": "uploads/redacted/example-image.png",
    "public_url": "https://example.com/redacted-public-url",
    "bucket": "content-images",
    "content_type": "image/png"
  },
  "request_id": "req_000000000000000000000002"
}

Allowed content types are image/jpeg, image/png, image/gif, image/webp, and application/pdf. Maximum sizes are 5 MB for images and 15 MB for PDFs. Treat upload_url and token values as short-lived sensitive values.

Client Leads And Activity

Required scopes:

  • List leads: leads:read
  • List inbound activity: activity:read
curl "https://app.leadpanther.ai/api/v1/clients/00000000-0000-4000-8000-000000000001/leads?limit=10&has_email=true" \
  -H "Authorization: Bearer lp_live_REDACTED"

curl "https://app.leadpanther.ai/api/v1/clients/00000000-0000-4000-8000-000000000001/activity?limit=10&source=comments" \
  -H "Authorization: Bearer lp_live_REDACTED"

The leads:read scope can return personal data. The activity:read scope can return message or comment content and platform identifiers. Public examples are redacted and do not represent the full sensitivity of production data.

Pagination

All list endpoints use limit and offset pagination. Unless otherwise documented, limit defaults to 50 and is capped at 100.

Client list examples:

/clients/{clientId}/posts?limit=25&offset=0
/clients/{clientId}/lead-magnets?limit=25&offset=0
/clients/{clientId}/leads?limit=25&offset=0
/clients/{clientId}/activity?limit=25&offset=0

Troubleshooting

If a client route returns 403, check both conditions:

  • The API key has the required endpoint scope.
  • The agency has an active grant for the target client account.

If a route returns 404, verify that the path is documented and that the client identifier came from GET /clients.

Use the response request_id when contacting LeadPanther support about an API call.

Current Limitations

Agency grant permissions may be returned for visibility. API route authorization is enforced by API key scopes plus active agency-client grant status.

Rate limits are not yet a published contract. Idempotency keys are planned, not currently guaranteed. Webhook endpoints and generated SDKs are planned, not currently available.