The Leapwork REST API

1. Introduction

The Leapwork Automation Platform comes with a REST API, allowing any third party system to run automation flows on the platform and to retrieve the results. The REST API makes it easy to incorporate automated flows as part of any CI/CD pipeline.

The REST API is hosted on the Leapwork Controller, as outlined later in this document. The REST API exposes its endpoint on the default port 9001, but the port can be manually configured as needed.

The REST API also includes an API explorer, which can be accessed in a browser at the following URL:


This will allow you to easily test the endpoints in the API and explore the results before setting-up the actual integration.

2. Accessing the API

The API can be accessed on the Leapwork Controller at the below base URL.

Please note, there is a base URL for the current version (v4) and the previous version (v3). The version is indicated in the base URL.

API v3 will be depreciated in 6 month's time, so we recommend you use v4.

API v4 - base URL:



API v3 - base URL:





Read more here

2.1 Access Keys

To restrict unauthorized access to APIs, an access key is required to access any of the endpoints. Access keys should be considered confidential, so please share with caution.

Access keys are created, maintained and used in any requests to the APIs as described below.

2.1.1 Managing Access Keys

Only the Administrator role has privileges to manage API access keys.

To create a new API access key, perform the following steps:

  1. In the Leapwork Studio, click Settings in the main menu.
  2. Select the API Access Keys and click the Add Key button.
  3. In the Add Access Key menu, click the Generate key button, to generate a new access key. The access key is a 16-character text string, for example, Mo87Nc4qDAtzJNDb.
  4. Add a comment to make access key administration more understandable. For example, Integration from CI/CD pipeline
  5. Press the Add button.

The new access key can now be found in the Access Key column list.

To distribute an access key, select the access key in the list and press Copy. This will copy the access key to the clipboard for easy insertion into e-mails, chats, etc.

For best practice, generate an individual access key per system to use an API. This will allow better debugging, as all actions triggered through the API will include the access key used by the system accessing the API, which will show up in the Leapwork audit log.

This also allows administrators to block/delete a specific access key, preventing access from a particular source, without affecting other systems using the API.

2.1.2 Using Access Keys

A valid access key needs to be a part of all requests to the API.

The access key should be added as a HEADER field named AccessKey with the value containing a valid access key.


AccessKey: Mo87Nc4qDAtzJNDb

If the access key is omitted or not valid, the endpoint will return a 401 – Unauthorized message.