Lexsis Storefronts

Authentication

API keys, OAuth 2.1, and workspace scoping

Authentication

The Lexsis Storefront API supports two authentication methods.

API Keys

API keys use the lx_ prefix and are scoped to your organization.

Each key has:

  • Tenant scope — tied to one brand/organization
  • Workspace — default workspace for API calls
  • Permissionsread, write, or admin

Creating a Key

Navigate to Settings → API Keys → Create in your Lexsis dashboard.

Using a Key

Pass your API key in the X-API-Key header:

X-API-Key: lx_your_key_here

OAuth 2.1

The platform implements RFC 9728 (OAuth Protected Resource Metadata) for programmatic access.

Well-known Endpoints

EndpointPurpose
/.well-known/oauth-protected-resourceResource metadata
/.well-known/oauth-authorization-serverAuthorization server metadata

Flow

  1. Client discovers auth requirements via protected resource metadata
  2. Client authenticates via authorization server
  3. Bearer token issued for subsequent API calls
  4. Scopes: mcp:tools

Workspace Scoping

API calls are scoped to a workspace. The workspace resolves from:

  1. X-Workspace-Id header — optional override (must belong to same tenant)
  2. API key default — the workspace set when the key was created

To override the default workspace for a specific request:

X-Workspace-Id: ws_your_workspace_id

Connection Methods

MethodTransport
Claude Codestdio (local process)
Claude Desktopstdio via config
HTTP clientsPOST https://mcp.trylexsis.com/mcp with Bearer token
ChatGPTOpenAPI schema at /openapi.json

Permissions

LevelCan do
readList and get resources (blueprints, pages, analytics)
writeCreate/modify pages, blueprints, experiments
adminManage API keys, workspace settings, domain routes

Tool Reference

Complete reference for all 44 Lexsis Storefront API tools

Blueprints

JSON documents that define storefront pages

On this page

AuthenticationAPI KeysCreating a KeyUsing a KeyOAuth 2.1Well-known EndpointsFlowWorkspace ScopingConnection MethodsPermissions