Skip to main content

Request headers

These are headers your application sends to Lectr on each request.

X-Lectr-Key

Required. Identifies your organisation and authenticates the request. 
X-Lectr-Key: lc_key_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
RequiredYes — requests without this header return 401
Formatlc_key_ followed by a random string
Where to get itDashboard → Settings → Integration
StorageTreat like a password — environment variable only, never hardcode
Requests with a missing or invalid key are rejected immediately. The upstream provider never sees them.

X-Lectr-Feature

Optional. Tags the request with the feature that made it. 
X-Lectr-Feature: chat
RequiredNo
Valid valuesAny non-empty string up to 100 characters
Recommended formatLowercase, hyphens for spaces — onboarding-assistant
MissingRequest processed normally, grouped under untagged in dashboard
InvalidStored as-is, never rejected
Enables per-feature cost, latency, and error breakdowns in the dashboard. Required for feature-based routing rules (coming soon). See Feature Tagging for the full guide.

X-Lectr-Task

Optional. Declares the type of work the request is doing. 
X-Lectr-Task: classification
RequiredNo
Valid valuesclassification summarisation extraction generation reasoning
MissingHeuristic signals used for recommendations
InvalidStored as-is, no influence on recommendations
Treated as a high-confidence signal by the recommendation engine. reasoning tasks are never recommended for model downgrade — hardcoded protection. See Task Types for the full guide.

X-Lectr-Provider

Optional. Overrides automatic provider detection. 
X-Lectr-Provider: anthropic
RequiredOnly for Azure OpenAI
Valid valuesopenai anthropic groq gemini azure
MissingProvider auto-detected from model name
InvalidLogged, defaults to openai
Use this when Lectr misdetects a provider or when a new model isn’t in the detection registry yet. Always required for Azure since Azure endpoint URLs are org-specific and can’t be inferred from the model name. See Multi-Provider Setup for the full guide.

Authorization

Required. Your provider API key — forwarded directly to the upstream provider. 
Authorization: Bearer sk-...
RequiredYes — forwarded to provider as-is (OpenAI, Groq, Gemini)
AnthropicSend as Authorization: Bearer sk-ant-... — Lectr rewrites to x-api-key
AzureSend as Authorization: Bearer <key> — Lectr rewrites to api-key
StorageNever stored, never logged, exists in memory per request only
Your provider key is never persisted. Lectr normalises the auth header format per provider — you always send Authorization: Bearer, Lectr handles the rest.

Response headers

Lectr does not add custom headers to responses. The response your application receives is identical to what the provider returned — headers included.

Header quick reference

HeaderRequiredPurpose
X-Lectr-Key✅ YesOrg authentication
Authorization✅ YesProvider API key passthrough
X-Lectr-FeatureNoFeature tagging for dashboard breakdowns
X-Lectr-TaskNoTask type for smarter recommendations
X-Lectr-ProviderAzure onlyProvider override