LeadPanther API Overview
LeadPanther API v1 is currently available by approved API key. API keys are bearer tokens. Keep them server-side and never expose them in browser code.
The canonical base URL is:
https://app.leadpanther.ai/api/v1
https://api.leadpanther.ai/v1 is not the LeadPanther app API base URL.
Current Capabilities
API v1 supports:
- Reading API key subject information.
- Listing accessible client accounts.
- Creating, reading, updating, and deleting draft or scheduled posts.
- Reading post engagement metrics.
- Creating, reading, updating, and archiving lead magnets.
- Reading lead magnet analytics.
- Creating signed media upload URLs and deleting uploaded media.
- Listing leads.
- Listing inbound activity.
Do not guess endpoint names. Use only documented paths under https://app.leadpanther.ai/api/v1. Generic paths such as /accounts, /users, /lists, /campaigns, /organizations, /team, /workspaces, and /lead-magnet-posts are not API v1 endpoints.
Authentication
Send your API key in the Authorization header:
Authorization: Bearer lp_live_REDACTED
Supported key prefixes are lp_live_ and lp_test_.
All authenticated endpoints require a valid API key. Most endpoints also require a specific scope. The * scope satisfies any required scope.
Direct And Agency Access
Direct-user routes operate on the API key owner's account:
/posts
/lead-magnets
/leads
/activity
Agency client work uses nested client routes:
/clients/{clientId}/posts
/clients/{clientId}/lead-magnets
/clients/{clientId}/leads
/clients/{clientId}/activity
For agency access, use the nested client routes. A valid agency API key alone is not enough; the agency must also have an active grant for the target client account.
In API v1, clientId is the client account user_id. Use values returned by GET /clients; do not use account table IDs, API key IDs, key hashes, or private database fields.
Response Format
Success responses use a data envelope:
{
"data": {
"name": "LeadPanther API",
"version": "v1"
},
"request_id": "req_000000000000000000000001"
}
List responses include pagination:
{
"data": [],
"pagination": {
"limit": 50,
"offset": 0,
"has_more": false
},
"request_id": "req_000000000000000000000002"
}
Error responses include a stable error code and message:
{
"error": {
"code": "forbidden",
"message": "API key is missing a required scope."
},
"request_id": "req_000000000000000000000003"
}
Use the response request_id when contacting LeadPanther support about an API call.
Pagination
All list endpoints use limit and offset pagination. Unless otherwise documented, limit defaults to 50 and is capped at 100.
GET /posts?limit=25&offset=0
Lead magnet analytics uses the same style for recent capture references.
Error Codes
API v1 can return these error codes:
bad_requestunauthorizedforbiddennot_foundconflictmethod_not_allowednot_implementedinternal_error
If a call returns 403, check both the API key scope and, for agency routes, the agency-client grant.
Data Sensitivity
Public examples in these docs are redacted and do not represent the full sensitivity of production data.
The leads:read scope can return personal data, including lead email fields and profile references. The activity:read scope can return message or comment content and platform identifiers. Store, process, and share responses according to your privacy and compliance obligations.
Current Limitations
These features are planned or future-facing and are not currently available as a public API v1 contract:
- Public self-serve API key provisioning.
- Published rate-limit semantics.
- Guaranteed idempotency key behavior.
- Webhook endpoints.
- Generated SDKs.
- A public changelog and deprecation policy.
Do not use Supabase REST, Supabase storage URLs, or api.leadpanther.ai as the app API unless LeadPanther support explicitly directs you to an internal integration path.
Endpoint Summary
| Method | Path | Purpose | Required scope |
|---|---|---|---|
GET | / | API metadata | none |
GET | /me | API key owner and subject info | valid API key |
GET | /clients | List accessible client accounts | clients:read |
GET | /clients/{clientId} | Get one client account | clients:read |
GET | /posts | List posts for direct user | posts:read |
POST | /posts | Create post for direct user | posts:write |
GET | /posts/{id} | Get post for direct user | posts:read |
PATCH | /posts/{id} | Update post for direct user | posts:write |
DELETE | /posts/{id} | Delete unpublished post for direct user | posts:write |
GET | /posts/{id}/engagement | Get post engagement for direct user | analytics:read |
GET | /lead-magnets | List lead magnets for direct user | lead_magnets:read |
POST | /lead-magnets | Create lead magnet for direct user | lead_magnets:write |
GET | /lead-magnets/{id} | Get lead magnet for direct user | lead_magnets:read |
PATCH | /lead-magnets/{id} | Update lead magnet for direct user | lead_magnets:write |
DELETE | /lead-magnets/{id} | Archive lead magnet for direct user | lead_magnets:write |
GET | /lead-magnets/{id}/analytics | Get lead magnet analytics for direct user | analytics:read |
POST | /media/upload-url | Create signed upload URL for direct user | media:write |
DELETE | /media | Delete uploaded media for direct user | media:write |
GET | /leads | List leads for direct user | leads:read |
GET | /activity | List inbound activity for direct user | activity:read |
Agency equivalents use /clients/{clientId}/... for posts, lead magnets, media, leads, and activity.