Features
Authentication and API Keys
People use sessions. Automations use API keys.
Browser Sessions
Use session endpoints for sign-up, sign-in, sign-out, and current-user checks:
POST /v1/auth/sign-up
POST /v1/auth/sign-in
POST /v1/auth/sign-out
GET /v1/auth/session
GET /v1/users/me
Browser sessions are for Lezu apps and dashboard-style experiences. They use secure HttpOnly cookies and require frontend requests to include credentials:
await fetch("https://api.lezu.app/v1/dashboard/summary", {
credentials: "include"
});
For protection against cross-site form posts, unsafe session-authenticated requests are accepted only from configured dashboard origins.
API Keys
Create API keys for scripts, CI jobs, backend services, and integrations.
POST /v1/api-keys
Authorization: ApiKey lez_...
Content-Type: application/json
{
"name": "CI import key",
"scopes": ["i18n:read", "i18n:write", "translate:read", "translate:write"],
"expiresAt": "2026-12-31T23:59:59.000Z"
}
Use the returned token in API clients:
Authorization: ApiKey lez_...
Common Scopes
| Scope | Allows |
|---|---|
i18n:read |
Read projects and values. |
i18n:write |
Create projects and import content. |
translate:read |
Estimate and read translation jobs. |
translate:write |
Run translations and create jobs. |
releases:read |
Read release metadata. |
releases:write |
Publish releases. |
usage:read |
Read usage, billing, and dashboard summaries. |
admin:api-keys |
Manage API keys. |
Relevant Endpoints
| Method | Endpoint | Scope |
|---|---|---|
GET |
/v1/api-keys |
admin:api-keys |
POST |
/v1/api-keys |
admin:api-keys |
DELETE |
/v1/api-keys/:apiKeyId |
admin:api-keys |