Authentication
How to authenticate with the Lavarage API.
API Key Authentication
The Lavarage API uses API keys passed via the x-api-key HTTP header.
curl https://api.lavarage.xyz/api/v1/positions \
  -H "x-api-key: lav_sk_your_api_key_here"
Public Endpoints (No Key Required)
These endpoints are freely accessible:
| Endpoint | Description |
|---|---|
| GET /health | Service health check |
| GET /api/v1/offers | Browse liquidity pools |
| GET /api/v1/offers/utilization | Pool utilization metrics |
| GET /api/v1/offers/:publicKey | Single offer details |
| GET /api/v1/tokens | Token list with prices |
| GET /api/v1/tokens/:address | Single token details |
| POST /api/v1/offers/match | Match best offer for token pair |
| GET /api/v1/offers/top | Top tokens by activity |
| GET /api/v1/offers/latest | Latest tokens |
| POST /api/v1/offers/resolve-feed | Resolve Switchboard oracle feed |
| GET /api/v1/referral/* | Referral read endpoints |
Protected Endpoints (Key Required)
All position, order, staking, and partner management endpoints require a valid API key.
Getting an API Key
- Contact the team at lavarage.io to get a partner account
- Use the Partners API to generate additional keys:
curl -X POST https://api.lavarage.xyz/api/v1/partners/keys \
  -H "x-api-key: YOUR_EXISTING_KEY"
The raw key is only returned once — store it securely.
Key Management
- List keys:
GET /api/v1/partners/keys
- Revoke a key:
DELETE /api/v1/partners/keys/:id
Revoking a key is permanent and immediate.
Security Best Practices
- Never expose API keys in client-side code
- Use environment variables for key storage
- Rotate keys periodically using the Partners API
- Revoke compromised keys immediately
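The storage advice above, as an added example that is not part of the Lavarage documentation: a POSIX shell wrapper that reads the key from an environment variable and hands the x-api-key header to curl on stdin instead of on the command line. The variable names, the function names and the key alphabet `[A-Za-z0-9_-]` are assumptions.

```shell
#!/bin/sh
# Added example (not Lavarage code). Assumed names: LAVARAGE_API_KEY,
# LAVARAGE_API_BASE, lav_auth_config, lav_key_hint, lav_request.

LAVARAGE_API_BASE="${LAVARAGE_API_BASE:-https://api.lavarage.xyz}"

# Emit a curl config line carrying the x-api-key header.
# Rejects an unset key and any character outside [A-Za-z0-9_-] (assumed key
# alphabet), so a quote or newline cannot inject extra curl options.
lav_auth_config() {
  _lav_key="${LAVARAGE_API_KEY:-}"
  if [ -z "$_lav_key" ]; then
    echo "LAVARAGE_API_KEY is not set" >&2
    return 1
  fi
  case "$_lav_key" in
    *[!A-Za-z0-9_-]*)
      echo "LAVARAGE_API_KEY contains unexpected characters" >&2
      return 1 ;;
  esac
  printf 'header = "x-api-key: %s"\n' "$_lav_key"
}

# Log-safe identifier for the key in use: last four characters only.
lav_key_hint() {
  _lav_key="${LAVARAGE_API_KEY:-}"
  printf '****%s\n' "${_lav_key#"${_lav_key%????}"}"
}

# lav_request METHOD PATH [extra curl args...]
# printf is a shell builtin and curl reads the header from stdin (--config -),
# so the key never appears in any process's argv, where `ps` and
# /proc/<pid>/cmdline would expose it to other local users.
lav_request() {
  [ "$#" -ge 2 ] || { echo "usage: lav_request METHOD PATH [curl args]" >&2; return 2; }
  _lav_method="$1"; _lav_path="$2"; shift 2
  _lav_cfg="$(lav_auth_config)" || return 1
  printf '%s\n' "$_lav_cfg" |
    curl --silent --show-error --fail --config - \
      -X "$_lav_method" "$@" "${LAVARAGE_API_BASE}${_lav_path}"
}

# Usage: load LAVARAGE_API_KEY from a secret store into the environment, then
#   lav_request GET /api/v1/positions
```

Use lav_key_hint in logs when rotating, so the key in use can be identified without writing the raw value anywhere.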
Updated over 1 year ago