Lattica’s API is REST + JSON. Authentication is a single header. Most integrations are working in under five minutes.
Generating a key
Open Settings → API → New API key. Choose:
- Scope — read-only or read-write
- Resource access — entire workspace, specific projects, or a single project
- Expiry — never, 30 days, 90 days, or 1 year
The key is shown once, at creation. Lattica never displays it again — store it in your secrets manager immediately. If you lose it, revoke and generate a new one.
Authentication
Pass the key in the Authorization header on every request:
curl https://api.lattica.app/v1/tasks
-H "Authorization: Bearer lat_live_8FjK4qHN..."Tokens prefixed with lat_live_ are production keys. Sandbox keys (for testing) start with lat_test_ and operate against a mirror workspace populated with sample data.
Rate limits
| Plan | Requests / minute | Burst |
|---|---|---|
| Free | 60 | 120 |
| Team | 300 | 600 |
| Business | 1,200 | 2,400 |
| Enterprise | Custom | Custom |
Every response includes X-RateLimit-Remaining and X-RateLimit-Reset headers. Going over returns 429 with a Retry-After header in seconds.
Pagination
List endpoints return up to 100 items. For more, use cursor pagination — the response includes a next_cursor; pass it as ?cursor=... on the next request.
GET /v1/tasks?limit=100
→ { "data": [...], "next_cursor": "eyJpZCI6IjEyMzQ1In0" }
GET /v1/tasks?limit=100&cursor=eyJpZCI6IjEyMzQ1In0
→ { "data": [...], "next_cursor": null } ← end of resultsErrors
Standard HTTP codes. Error responses include a machine-readable code and a human-readable message:
{
"error": {
"code": "task_not_found",
"message": "No task with id 'task_xyz' in workspace 'ws_8FjK4q'.",
"request_id": "req_aB12cD"
}
}Always log request_id — it’s what support will ask for.