This page describes the public LinkLoot API as it is implemented today. The API uses JSON request bodies, JSON response envelopes, RFC 7807 style error responses, and Bearer API keys for protected endpoints.
Protected routes use an API key in the Authorization header. A key can have read and write permissions. Blog creation also requires that the key belongs to an ADMIN user.
Authorization: Bearer YOUR_API_KEYPublic reads are limited by IP. Authenticated reads and writes are limited by API key. Admin writes are limited by the owning user account.
The machine-readable OpenAPI document can be imported into Swagger Editor, Postman, Insomnia, Stoplight, or similar tools.
https://linkloot.io/api/openapiPaid-loot prices are validated server-side. Normal API keys can only sell up to the current creator tier cap; admin-owned keys remain capped at 500 Gems.
| Title | Max loot price | Creator share |
|---|---|---|
| Scout | 29 | 80% |
| Raider | 49 | 80% |
| Captain | 79 | 85% |
| Architect | 149 | 90% |
| Legend | 299 | 95% |
| Mythic | 500 | 95% |
| Loot type | Gems |
|---|---|
| Mini Loot | 15 |
| Standard Paid Loot | 29 |
| Workflow / Template | 39 |
| Premium / XXL Loot | 49-79 |
| Courses / Bundles | 149+ |
Bots should call GET /api/v1/me first and read lootPriceCap. If gemPrice is above it, the Loot API returns 422.
/api/v1/categoriesPublicLists all active categories. Use this before creating loot so you can send a valid categoryId.
{
"data": [
{
"id": "cm...",
"name": "KI & Prompts",
"slug": "ki-prompts",
"icon": "tag",
"description": null,
"color": "#00FFAA"
}
]
}curl -X GET "https://linkloot.io/api/v1/categories"