Customer API Quickstart

Call the customer auth and customer API hosts without tenant/project headers.


Overview

Use this guide to send your first authenticated request to the public customer surface:

  • Customer auth host: https://id.uselamba.com
  • Customer API host: https://api.uselamba.com
  • Customer auth supports password, register, magic-link, phone OTP, hosted OIDC, and session switch flows.

Prerequisites

  • Customer session token from a successful password, register, magic-link, phone, refresh, or switch-context flow
  • If you are starting from OIDC Authorization Code flow, first exchange into a scoped customer session with POST /v1/sessions/switch-context
  • Optional workspace/project/environment defaults if your app uses switch-context

1) Set base URL

# Production
LAMBA_CUSTOMER_AUTH_BASE=https://id.uselamba.com
LAMBA_CUSTOMER_API_BASE=https://api.uselamba.com

# Test (set these instead of the production values, not in addition)
LAMBA_CUSTOMER_AUTH_BASE=https://test.id.uselamba.com
LAMBA_CUSTOMER_API_BASE=https://test.api.uselamba.com

2) Prepare required headers

Authorization: Bearer <customer-session-token>
X-Correlation-Id: <uuid-optional>

Do not send X-Tenant-Id or X-Project-Id to the customer surface.

3) Optional OIDC follow-up

If you signed users in through OIDC and need the customer API, exchange into a scoped customer session first:

curl -X POST "$LAMBA_CUSTOMER_AUTH_BASE/v1/sessions/switch-context" \
  -H "Authorization: Bearer $OIDC_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "workspaceId": "<workspace-id>",
    "projectId": "<project-id>",
    "environment": "test"
  }'

Use the returned access_token as the customer session token for api.*.

4) Read runtime context

curl -X GET "$LAMBA_CUSTOMER_API_BASE/v1/me/context" \
  -H "Authorization: Bearer $CUSTOMER_SESSION_TOKEN" \
  -H "X-Correlation-Id: $(uuidgen)"

5) Read effective authorization

curl -X GET "$LAMBA_CUSTOMER_API_BASE/v1/me/authorization" \
  -H "Authorization: Bearer $CUSTOMER_SESSION_TOKEN"

6) Admin calls use the same host

curl -X GET "$LAMBA_CUSTOMER_API_BASE/v1/admin/members?limit=20" \
  -H "Authorization: Bearer $CUSTOMER_SESSION_TOKEN"

Admin access is enforced by project roles and project permissions, not by OAuth scopes on user tokens.

7) Parse response patterns

  • Resource success: plain JSON object
  • List success: { items, nextCursor }
  • Error model: ProblemDetails with errorCode and traceId

8) Handle common failures

  • 401: refresh or restart authentication.
  • 403: validate role, membership, and active project context.
  • 429: honor Retry-After with exponential backoff.
  • 402: treat as a business state (plan limit), not a transient error to retry.
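
The failure handling in steps 7 and 8, as an added example that is not Lamba's own client code: it reads errorCode and traceId from a ProblemDetails body and picks the action for each listed status. The function names, action labels, backoff base and cap, and sample errorCode values are assumptions, and Retry-After is read only in its seconds form.

```python
import json

# Actions for the non-retryable statuses listed in "Handle common failures".
ACTIONS = {
    401: "reauthenticate",   # refresh or restart authentication
    402: "stop_plan_limit",  # business state (plan limit), never retried
    403: "check_access",     # role, membership, active project context
}

def parse_problem(body):
    """Return errorCode and traceId from a ProblemDetails body, or None for each."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        doc = None           # e.g. an HTML error page from an intermediary
    if not isinstance(doc, dict):
        doc = {}
    return {"errorCode": doc.get("errorCode"), "traceId": doc.get("traceId")}

def backoff_delay(attempt, retry_after, base=1.0, cap=60.0):
    """Seconds to wait before a retry; never shorter than the server's Retry-After."""
    exponential = min(cap, base * (2 ** attempt))
    try:
        server = float(retry_after)
    except (TypeError, ValueError):
        server = 0.0         # header missing or in HTTP-date form (not handled here)
    return max(exponential, server)

def next_action(status, headers, body, attempt, max_attempts=5):
    """Decide what the client does after one response; `attempt` is 0-based."""
    if 200 <= status < 300:
        return {"action": "ok", "delay": None, "errorCode": None, "traceId": None}
    result = {"delay": None, **parse_problem(body)}
    if status == 429 and attempt < max_attempts:
        lowered = {k.lower(): v for k, v in headers.items()}
        result["action"] = "retry"
        result["delay"] = backoff_delay(attempt, lowered.get("retry-after"))
    elif status == 429:
        result["action"] = "give_up"   # retry budget spent
    else:
        result["action"] = ACTIONS.get(status, "fail")
    return result

# Constructed sample body, not captured from the service.
SAMPLE_429 = ('{"title": "Too Many Requests", "status": 429, '
              '"errorCode": "rate_limited", "traceId": "trace-0001"}')

if __name__ == "__main__":
    print(next_action(429, {"Retry-After": "7"}, SAMPLE_429, attempt=0))
    print(next_action(402, {}, '{"errorCode": "plan_limit"}', attempt=0))
```

Log the returned traceId alongside your X-Correlation-Id when reporting a failure, and keep the bearer token out of those logs.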

Next steps

  • API contract details: /docs/reference/api-overview
  • Error payloads: /docs/reference/errors
  • OpenAPI + Postman workflow: /docs/reference/openapi-postman
