Authentication

    Authentication

    Every LiveScript surface — REST, WebSocket, and MCP — is authenticated with the same Bearer API key.

    API keys

    Keys are created in your dashboard and are shown only once at creation — store the key somewhere safe. Keys are prefixed with ls_live_. Treat a key like a password: anyone holding it can consume your account's minutes.

    Bearer header

    Pass the key in the Authorization header on every request, using the Bearer scheme.

    Authorization: Bearer ls_live_xxxxxxxxxxxxxxxx

    WebSocket auth

    For the live WebSocket endpoint, send the same Authorization header during the initial HTTP upgrade request. The MCP endpoint uses the header on each HTTP request in the same way.

    Failures

    Missing or invalid keys return AUTHENTICATION_FAILED. On the WebSocket this closes the socket immediately after the error frame. Endpoints that require an active Pro subscription return PLAN_REQUIRED when the key's account has no active plan.