Skip to main content
API keys are created in the YoLead UI. Each key has:
  • a public key used in X-YoLead-Key;
  • an API secret used to sign requests;
  • a scope: read or read-write.
Keep the API secret on your backend only. Do not expose it in browser code, mobile apps, logs, or analytics events.
Scopes:
ScopeAccess
readRead endpoints and read-only iframe capabilities.
read-writeRead endpoints plus write operations and write iframe capabilities.