Reference

LiveProfit Public API v1

REST endpoints for merchants and integrators. Read orders, P&L, product analytics, cohorts, LTV. Manage custom expenses and outbound webhooks. Available on the Scale plan; free for the 3 internal Luxi Horizon stores during beta.

Overview

Base URL: https://app.liveprofit.io/v1

Media type: application/json — request bodies and responses.

All requests are HTTPS. Non-HTTPS calls return 400.

Authentication

Create an API key in Settings → Developer. Keys look like lp_live_<40 hex> and are shown once at creation. Store safely — we hash-only at rest.

Send the key either way:

# Authorization header (recommended)
curl -H "Authorization: Bearer lp_live_xxxx" \
  https://app.liveprofit.io/v1/orders

# X-API-Key header
curl -H "X-API-Key: lp_live_xxxx" \
  https://app.liveprofit.io/v1/orders

Keys are store-scoped — no store_id query param needed. Scopes:

ScopeGrants
readAll GET endpoints
writeread + POST /v1/expenses, POST /v1/webhooks
adminEverything, incl. deleting subscriptions

Rate limits

300 requests/minute per API key, rolling window. Exceeded limits return 429 Too Many Requests with a Retry-After header (seconds).

Response envelope

Success:

{
  "data": { ... },
  "pagination": { "total": 1234, "limit": 50, "offset": 100 }
}

Error:

{ "error": { "code": "invalid_scope", "message": "This key doesn't have write access." } }

Orders

GET /v1/orders

List orders in a date range.

Query params: from, to (YYYY-MM-DD, default last 30 days), status (PAID · PARTIALLY_REFUNDED · REFUNDED), limit (≤250, default 50), offset.

curl -H "X-API-Key: $KEY" \
  "https://app.liveprofit.io/v1/orders?from=2026-06-01&to=2026-06-30&status=PAID&limit=100"

Order fields (no customer PII): id, name, created_at, date, status, total_price, total_refunded, cogs, discounts, shipping, transaction_fees.

GET /v1/orders/{id}

Single order including line_itemstitle, variant, qty, unit_price, unit_cost.

Products

GET /v1/products

Per-product analytics over from/to: revenue, COGS, attributed ad spend, net profit, margin, ROAS (uses the store's configured attribution model).

Analytics

GET /v1/analytics/dashboard

Same numbers as the dashboard UI.

Returns: { metrics, daily, display_currency }. metrics includes netProfit, grossRevenue, cogs, adSpend (+ per platform), customExpenses, roas, breakEvenRoas, margin.

GET /v1/analytics/pnl

Monthly rollup rows: month, gross_revenue, refunds, net_revenue, cogs, ad_spend, transaction_fees, custom_expenses, net_profit.

GET /v1/analytics/cohorts

Cohort rows with per-month retention + revenue. Query: months_back (default 12).

GET /v1/analytics/ltv

avg_ltv_30d / 90d / 365d / lifetime, avg_orders_per_customer, repeat_rate, customers_tracked.

Custom expenses

GET /v1/expenses

List all recurring & one-off expenses for the store.

POST /v1/expenses requires write

Body:

{
  "name": "Office rent",
  "category": "overhead",
  "amount": 1200,
  "currency": "CHF",
  "frequency": "monthly",
  "active_from": "2026-01-01",
  "active_to": null
}

frequencyonce, daily, weekly, monthly, yearly.

Ad platforms

GET /v1/ad-platforms

Connection state per platform (no tokens returned). Fields: platform, ad_account_id, ad_account_name, connected_at, expires_at.

Outbound webhooks

GET /v1/webhooks

List active subscriptions for the store.

POST /v1/webhooks requires write

Body: { url, events, include_pii? }. url must be HTTPS. events is a comma-separated string from:

  • order.created
  • anomaly.critical
  • sync.failed
  • report.sent
  • threshold.breached

Response returns the signing secret — shown once. Store it.

Delivery signature

Every delivery includes:

Content-Type: application/json
X-LiveProfit-Event: order.created
X-LiveProfit-Signature: sha256=<hex hmac-sha256(rawBody, secret)>

Verify (Node.js):

const crypto = require('crypto');
const expected = 'sha256=' + crypto
  .createHmac('sha256', SECRET)
  .update(rawBody)
  .digest('hex');
const valid = crypto.timingSafeEqual(
  Buffer.from(header),
  Buffer.from(expected)
);

Body shape: { event, store_id, timestamp, data }.

Retries & auto-disable

5xx/network errors retried at 2s / 10s / 30s. After 20 consecutive failures, the subscription auto-disables — re-enable in Settings → Developer. PII fields are stripped from payloads unless the subscription was created with include_pii: true.

Zapier & Make

Search LiveProfit in Zapier or import the Make blueprint. Both authenticate with your API key. Available triggers use the same webhook events listed above. Actions cover add_expense, get_dashboard, get_products.

Versioning

The /v1 namespace guarantees non-breaking additions only. Breaking changes go to /v2. Deprecations get a Sunset header 6 months in advance.

Something unclear? Email support@liveprofit.io — a human answers within 24h.