Tips and tricks Best practice guides, FAQ & more
The Leapwork Automation Platform comes with a REST API, allowing any third party system to run automation flows on the platform and to retrieve the results. The REST API makes it easy to incorporate automated flows as part of any CI/CD pipeline.
The REST API is hosted on the Leapwork Controller, as outlined later in this document. The REST API exposes its endpoint on the default port 9001, but the port can be manually configured as needed.
The REST API also includes an API explorer, which can be accessed in a browser at the following URL:
This will allow you to easily test the endpoints in the API and explore the results before setting-up the actual integration.
The API can be accessed on the Leapwork Controller at the below base URL.
Please note, there is a base URL for the current version (v4) and the previous version (v3). The version is indicated in the base URL.
API v3 will be depreciated in 6 month's time, so we recommend you use v4.
API v4 - base URL:
API v3 - base URL:
Read more here
To restrict unauthorized access to APIs, an access key is required to access any of the endpoints. Access keys should be considered confidential, so please share with caution.
Access keys are created, maintained and used in any requests to the APIs as described below.
Only the Administrator role has privileges to manage API access keys.
To create a new API access key, perform the following steps:
The new access key can now be found in the Access Key column list.
To distribute an access key, select the access key in the list and press Copy. This will copy the access key to the clipboard for easy insertion into e-mails, chats, etc.
For best practice, generate an individual access key per system to use an API. This will allow better debugging, as all actions triggered through the API will include the access key used by the system accessing the API, which will show up in the Leapwork audit log.
This also allows administrators to block/delete a specific access key, preventing access from a particular source, without affecting other systems using the API.
A valid access key needs to be a part of all requests to the API.
The access key should be added as a HEADER field named AccessKey with the value containing a valid access key.
If the access key is omitted or not valid, the endpoint will return a 401 – Unauthorized message.