Skip to main content
This guide introduces the **Lit Express API ** and it’s web interface, the Lit Express Dashboard which allows both web3 and non-web3 developers to quickly set up their Lit environment and start using Lit Actions.

Overview

The Lit Express Dashboard is front end to the Lit Express API server designed to quickly and efficently execute Lit Actions, but also manages your user accounts, usage parameters, client wallet creation (PKPs), and IPFS based actions, through a simple set of groups.

Specifically it lets you:
  • Create accounts and obtain a master account API key.
  • Create usage API keys that can be scoped to specific lit-actions or used by dApps.
  • Create and manage wallets (PKPs) for signing and on-chain operations.
  • Register IPFS CIDs (immutable actions) and scope which wallets have access to them.
  • Organize all your resources into groups that combine PKPs, IPFS actions, and usage API keys in any combination.
  • Send lit-actions to the node for execution, authorized by a usage or account API key.
All of this can be done via the Dashboard (web GUI) or directly via the REST API, using a light-weight JS SDK, or even directly through CURL-ing commands. Data is secure and onchain - all configuration within the Dashboard can be acheived by talking directly to our contracts located on BASE.

Using the Dashboard

The Dashboard is a web management GUI for Lit Node Express. Open it from your browser at dashboard.dev.litprotocol.com It supports light/dark theme for your convenience and provides simple management tools. Dashboard workflow (recommended order):
  1. Request a new account (or log in)
  2. Request usage API keys
  3. Request new PKPs (wallets)
  4. Register IPFS CIDs (actions)
  5. Grouping your resrouces
  6. Run lit-actions
1

Request a new account (or log in)

On the login page you have two tabs:
  • Existing User — Paste your account API key and click Log in. The server checks that the account exists and is mutable.
  • New User — Enter an account name and optional description (and optional initial balance), then click Create account. The server creates the account and returns a new API key and wallet address. Store the API key securely; you’ll need it to manage the account.
After login, the dashboard shows Overview, Usage API Keys, Groups, IPFS Actions, Wallets, and Action Runner.
You’ll notice a single wallet in your account - it represents your master account API key, and can be used like a standard EVM wallet, or you can safely skip it’s web3 propertiers and use the APIs directly.
2

Request usage API keys

Usage API keys are scoped keys you can give to clients or dApps to run specific lit-actions or to deploy. They can be rotated or removed without changing the main account.In the Usage API Keys section, click Add. Set expiration and initial balance, then hit confirm. The server returns a new usage key once — copy and store it. You can optionally set a name and description after creation.

Use this key in the X-Api-Key (or Authorization: Bearer) header when calling the node so that usage is attributed to this key.
3

Request new PKPs (wallets)

PKPs (Programmable Key Pairs) are wallets the lit-nodes can use for signing. In the Wallets section, click Add to create a new wallet to assign to one of your users, or for use in running a lit-action. The server generates a new PKP and returns its address and public key.You can add existing PKPs to groups (see step 5) via Add PKP to group in the Groups section.
4

Register IPFS CIDs (actions)

To scope which usage API keys can run which code, you register IPFS CIDs as permitted actions. In the IPFS Actions section, pick a group from the dropdown, then Add an action: enter the IPFS CID of the lit-action and optional name/description. The server hashes the CID and stores it in the group. Only keys that are allowed to use that group can run that action.
5

Grouping your resources

Groups logically combine PKPs, IPFS actions, and (indirectly) usage API keys. You can use any combination: e.g. a group with only permitted actions, or only permitted wallets, or both.In the Groups section, click Add to create a group (name, description, optional permitted actions and PKPs, and flags for “all wallets permitted” / “all actions permitted”). Then:
  • Use IPFS Actions to add CIDs to the group.
  • Use Add PKP to group / Remove PKP from group to allow which wallets can be used in that group.
Usage API keys (and the account key) are validated against the account’s groups and permitted actions/wallets when you run a lit-action.
6

Run lit-actions

In the Action Runner section, paste some Lit Action JavaScript code and optional JSON parameters. Choose the API key (account or usage key) to use for the request, then click Execute. The node runs the action and returns signatures, response, and logs. The key you use must be allowed to run that action (via the group and IPFS CID configuration).

Using the API directly

The same workflows can be done via the REST API. The API itself is under /core/v1/. All endpoints that require authentication expect the API key in a header:
  • X-Api-Key: <your-api-key>
  • or Authorization: Bearer <your-api-key>
Examples below use BASE=api.dev.litprotocol.com and KEY=your_account_or_usage_api_key. The JavaScript examples use the Core SDK (LitNodeSimpleApiClient) from core_sdk.js. API workflow:
  1. New account or verify account (login)
  2. Add usage API key
  3. Create wallet (PKP)
  4. Add group and register IPFS action
  5. Add PKP to group (optional)
  6. Run lit-action

1. New account or verify account (login)

Create a new account (returns API key and wallet address). Or verify an existing key with theaccount_existsfunction. 
import { createClient } from './core_sdk.js';

const client = createClient('https://api.dev.litprotocol.com');

// New account
const res = await client.newAccount({
  accountName: 'My App',
  accountDescription: 'Optional description',
  initialBalance: '0'  // optional
});
console.log('API key:', res.api_key);
console.log('Wallet:', res.wallet_address);
// Store res.api_key securely.

// Or verify existing key (login)
const exists = await client.accountExists(res.api_key);
console.log('Account exists:', exists);

2. Add usage API key

Create a usage API key with expiration and balance. The response includes the new key only once — store it. 
// Expiration: e.g. 1 year from now (Unix timestamp). Balance: e.g. "1000000"
const expiration = String(Math.floor(Date.now() / 1000) + 365 * 24 * 3600);
const balance = '1000000';

const res = await client.addUsageApiKey({
  apiKey: accountApiKey,
  expiration,
  balance
});
console.log('New usage API key (store it now):', res.usage_api_key);

3. Create a wallet (PKP)

Request a new wallet (PKP) for the account. The server returns the wallet address and registers it. 
const res = await client.createWallet(accountApiKey);
console.log('Wallet address:', res.wallet_address);

4. Add group and register IPFS action

Create a group (with optional permitted actions and PKPs). Then add an action (IPFS CID) to the group to scope which keys can run it. 
// Create group (permitted_actions and pkps are keccak256 hashes; can be empty arrays)
await client.addGroup({
  apiKey: accountApiKey,
  groupName: 'My Group',
  groupDescription: 'Optional',
  permittedActions: [],
  pkps: [],
  allWalletsPermitted: true,
  allActionsPermitted: false
});

// List groups to get the new group id
const groups = await client.listGroups({ apiKey: accountApiKey, pageNumber: '0', pageSize: '10' });
const groupId = groups[groups.length - 1].id;

// Add an IPFS action (CID) to the group
await client.addActionToGroup({
  apiKey: accountApiKey,
  groupId,
  actionIpfsCid: 'QmYourIpfsCidHere',
  name: 'My Action',
  description: 'Optional'
});

5. Add PKP to group (optional)

Restrict which wallets (PKPs) can be used in the group by adding their public keys (or wallet addresses) to the group. 
await client.addPkpToGroup({
  apiKey: accountApiKey,
  groupId,
  pkpPublicKey: walletPublicKeyHex  // from listWallets or createWallet flow
});

6. Run lit-action

Execute a lit-action by sending JavaScript code and optional params. Use the account API key or a usage API key in the header. 
const result = await client.litAction({
  apiKey: accountApiKey,  // or usageApiKey
  code: `
    const message = "Hello from Lit Action";
    const sig = await LitActions.signEcdsa({ toSign: new TextEncoder().encode(message), publicKey, sigName });
    LitActions.setResponse({ response: JSON.stringify({ message, sig }) });
  `,
  jsParams: { publicKey: '0x...', sigName: 'sig1' }
});
console.log(result.signatures, result.response, result.logs);

Other useful endpoints

  • list_api_keys — List usage API keys (paginated).
  • list_groups — List groups.
  • list_wallets — List wallets.
  • list_actions — List actions in a group (by group_id).
  • list_wallets_in_group — List wallets in a group.
  • update_group — Update group name, description, and permission flags.
  • remove_action_from_group / remove_pkp_from_group — Remove action or PKP from a group.
  • get_node_chain_config — Get node chain config (no auth).
For full request/response shapes and OpenAPI spec, see the API reference (e.g. /openapi.json or Swagger UI if mounted).