Authentication with a Bearer key
Create a key from your dashboard under Settings, API. Every key starts with lt_live_. Send it on every request in the Authorization header. The full key is shown only once when you create it, so store it somewhere safe. If a key leaks, revoke it from the same screen and issue a new one.
curl https://legaltank.org/api/v1/documents \
-H "Authorization: Bearer lt_live_your_key_here"Keys are accepted only over the Authorization header, never as a query parameter, and only over HTTPS. Entitlement is checked on every request, so if an account leaves the Enterprise plan its keys stop working right away.
Endpoints
The base URL is https://legaltank.org/api/v1. Responses are JSON in the shape { success, data }.
/api/v1/documentsList the key owner's documents/api/v1/documents/{id}Fetch a single document by idList documents
Supports page, limit (max 100), and an optional status filter.
GET /api/v1/documents?limit=20&page=1
{
"success": true,
"data": {
"documents": [
{
"id": "e4b1...",
"title": "Mutual NDA",
"status": "paid",
"jurisdiction": "New York",
"created_at": "2026-07-01T09:00:00Z",
"updated_at": "2026-07-02T14:30:00Z"
}
],
"pagination": { "page": 1, "limit": 20, "total": 1, "totalPages": 1 }
}
}Fetch one document
GET /api/v1/documents/e4b1...
{
"success": true,
"data": {
"document": {
"id": "e4b1...",
"title": "Mutual NDA",
"content": "...",
"status": "paid",
"jurisdiction": "New York",
"created_at": "2026-07-01T09:00:00Z",
"updated_at": "2026-07-02T14:30:00Z"
}
}
}A document owned by anyone else returns 404. A key only ever sees its own owner's documents.
Scopes
Each key carries a set of scopes that limit what it can do. New keys are issued with read-only document access by default.
documents:readList and read your documentsA request for an endpoint your key does not have the scope for returns 403.
Rate limits and errors
Each key is limited to 120 requests per minute. When you exceed it, the API returns 429 with a Retry-After header. Back off and retry after the window resets.
| Status | Meaning |
|---|---|
| 200 | Success. |
| 401 | Missing, invalid, revoked, or no-longer-entitled key. |
| 403 | Key lacks the required scope. |
| 404 | Document not found for this owner. |
| 429 | Rate limit exceeded. |
Keep your keys secret
Treat an API key like a password. We store only a hash of it, so we can never show it to you again after creation and cannot recover it for you. Never commit a key to source control or expose it in client-side code. If a key is exposed, revoke it immediately and issue a new one.
SSO and white-label
Single sign-on and white-label delivery are set up with our team as part of an Enterprise engagement rather than self-serve. If you need either, reach out at enterprise@legaltank.org and we will scope it with you.