Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.iblueprint.ai/llms.txt

Use this file to discover all available pages before exploring further.

API keys let you authenticate requests to iBlueprint outside of the browser — whether you are running the CLI, integrating iBlueprint into a script, or making direct API calls from your own application. Each key is scoped to your user account and acts as a Bearer token that the iBlueprint API verifies on every request.

Creating an API key

1

Open API Keys settings

Click your avatar in the top-right corner, select Settings, then choose API Keys from the left sidebar.
2

Create a new key

Click Create API key, enter a descriptive name (for example, CI pipeline or local dev), and confirm.
3

Copy the key

Your new API key is displayed once. Copy it and store it somewhere safe — iBlueprint does not show the full key value again after you close the dialog.
You can only view the full API key value immediately after creating it. If you lose it, you must revoke the key and create a new one.

Using your API key

With the iBlueprint CLI

Set the key as an environment variable before running CLI commands: 
export IBP_API_KEY=ibp_your_api_key_here
iblueprint list

In HTTP requests

Pass the key as a Bearer token in the Authorization header: 
curl https://api.yourdomain.com/api/trpc/blueprint.list \
  -H "Authorization: Bearer ibp_your_api_key_here" \
  -H "Content-Type: application/json"

curl https://api.yourdomain.com/api/trpc/blueprint.list \
  -H "Authorization: Bearer ibp_your_api_key_here" \
  -H "Content-Type: application/json"

Rotating a key

If you suspect a key has been compromised, rotate it immediately:
  1. Go to Settings → API Keys.
  2. Find the key you want to rotate and click Revoke.
  3. Create a new key and update all places where the old key was used.
Rotate keys periodically even if you have no reason to suspect a compromise. Treat API keys like passwords: short-lived keys limit the window of exposure if one is ever leaked.

Revoking a key

To permanently revoke a key:
  1. Go to Settings → API Keys.
  2. Click the menu next to the key and select Revoke.
Revoked keys stop working immediately. Any CLI command or API request using a revoked key returns a 403 Forbidden response.

Security best practices

Store API keys in environment variables or a secrets manager (such as AWS Secrets Manager, HashiCorp Vault, or your CI provider’s secret store). Add .env files to your .gitignore to prevent accidental commits.
# .gitignore
.env
.env.local
.env.*.local
Name each key after its intended use (for example, GitHub Actions, staging server, local dev). This makes it easy to identify and revoke the right key if you need to rotate credentials for a specific environment.
Avoid reusing the same key across multiple applications or environments. Separate keys let you revoke access for a single integration without disrupting others.
iBlueprint supports per-key rate limiting (requests per hour and per day). Use this to cap how many requests a key can make, reducing the blast radius if a key is misused.