--- title: LastPass API description: >- The LastPass API enables programmatic management of your organization’s LastPass entities — users, roles (admin levels), and managed (child) companies for Managed Service Providers (MSPs) — supporting category: API Reference lastModified: '2026-05-18' url: https://developer.lastpass.com/business/docs --- # LastPass API The LastPass API enables programmatic management of your organization’s LastPass entities — users, roles (admin levels), and managed (child) companies for Managed Service Providers (MSPs) — supporting lifecycle operations (create, read, update, delete), invitations, and reporting. **Where to obtain key:** Generate in the LastPass **Admin Console → Advanced → LastPass API**. To learn about how you can create an API key for the LastPass API for your account and managed account(s), refer to the related [support article](https://link.lastpass.com/rest-api-reset-key). **Resources:** - **Users** — Create, retrieve, update, delete, and invite users within your company. - **Admin levels** — Define and manage role-based access control (RBAC) levels and assign users to them. - **Managed companies** — Manage child companies in an MSP (Managed Service Provider) hierarchy. - **Managed companies users** — Manage users within child companies in an MSP hierarchy. - **Managed companies admin levels** — Manage role-based access control (RBAC) levels within child companies in an MSP hierarchy. - **Managed companies reports** — Access billing cycles, billing reports, and admin user reports across managed companies. **Common patterns:** - Paginated list responses use `max-results` and `page-token` to set maximum number of results per page and to identify page break, respectively. - Sorting via `sort` query param (e.g. `name:asc`, `id:desc`). - Full-text search on string fields (e.g. `name`, `email`) uses `%` as a wildcard (e.g. `%name%`, `name%`). - Async operations (e.g. create managed company) return `202 Accepted`. - Errors follow the `ProblemDetails` schema (RFC 9457). **HTTP status code summary:** | Code | Message | Reason | |------|---------|-------------------| | 200 | OK | Request succeeded | | 201 | Created | Resource created successfully | | 202 | Accepted | Async operation queued; poll for result | | 204 | No Content | Request succeeded; no body returned | | 400 | Bad Request | Invalid payload or parameters | | 401 | Unauthorized | Missing or invalid API key | | 402 | Subscription Expired | Subscription has expired | | 403 | Forbidden | Authenticated but insufficient permissions | | 404 | Not Found | Resource does not exist | | 409 | Conflict | Request conflicts with current state | | 415 | Unsupported Media Type | Request body content type not supported | | 422 | Unprocessable Content | Request is well-formed but contains semantic errors | | 429 | Too Many Requests | Rate limit exceeded | | 500 | Internal Server Error | Unexpected server-side failure | **Version**: 1.0.0 **Terms of Service**: https://www.lastpass.com/legal-center/developer-terms **Base URL**: `https://api.lastpass.com/business` ## Authentication **Type**: API Key **Header**: `Authorization` Authenticate using your LastPass API key. Set the `Authorization` header to `api-key `. Example: `api-key lpkey_XXXXXXXXXXXX_YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY` Generate your API key in the LastPass Admin Console under **Advanced → LastPass API**. ## Resources - [Users](https://developer.lastpass.com/business/docs/users.md) - Create, retrieve, update, delete, and invite users within your company. - [Admin levels](https://developer.lastpass.com/business/docs/admin-levels.md) - Define and manage role-based access control (RBAC) levels and assign users to them. - [Managed companies](https://developer.lastpass.com/business/docs/managed-companies.md) - Manage companies in a Managed Service Provider (MSP) hierarchy. - [Managed companies users](https://developer.lastpass.com/business/docs/managed-companies-users.md) - Manage users within child companies in an MSP hierarchy. - [Managed companies admin levels](https://developer.lastpass.com/business/docs/managed-companies-admin-levels.md) - Manage role-based access control (RBAC) levels within child companies in an MSP hierarchy. - [Managed companies reports](https://developer.lastpass.com/business/docs/managed-companies-reports.md) - Access billing cycles, billing reports, and admin user reports across managed companies.