Skip to main content
Every request to the iBlueprint API must include a valid API key. iBlueprint authenticates requests using the standard HTTP Authorization header with a Bearer token scheme. There are no cookies, sessions, or OAuth flows required for direct API access.

Generating an API key

  1. Open the iBlueprint dashboard and go to Settings → API Keys.
  2. Click New API key, give it a descriptive name, and confirm.
  3. Copy the key immediately — it is shown only once.
Store your key in a secure location such as an environment variable or a secrets manager. Never commit it to source control.

Attaching the key to requests

Include your API key as a Bearer token in the Authorization header of every request:
Authorization: Bearer YOUR_API_KEY

Example

curl -G "https://api.iblueprint.ai/api/trpc/blueprint.list" \
  --data-urlencode 'input={"json":{"page":1,"limit":10}}' \
  -H "Authorization: Bearer ibp_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
const response = await fetch(
  'https://api.iblueprint.ai/api/trpc/blueprint.list?' +
    new URLSearchParams({ input: JSON.stringify({ json: { page: 1, limit: 10 } }) }),
  {
    headers: {
      Authorization: 'Bearer ibp_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    },
  }
);
const body = await response.json();
const blueprints = body.result.data.json;

Authentication errors

If your key is missing or invalid, the API returns HTTP 401 Unauthorized:
{
  "error": {
    "json": {
      "message": "UNAUTHORIZED",
      "code": -32001,
      "data": {
        "code": "UNAUTHORIZED",
        "httpStatus": 401
      }
    }
  }
}
If your key is valid but lacks permission for the requested resource, the API returns HTTP 403 Forbidden.

Key rotation

API keys do not expire automatically, but you can revoke them at any time from Settings → API Keys. After revoking a key, requests using it receive a 401 immediately. Issue a new key before revoking the old one to avoid downtime in any integrations that depend on it.