Overview

Authorization and context identification

The AI Hub API uses a system of authorization and context identification for all API calls. Your API token authorizes the call and your user or organization ID, passed in the IB-Context header, identifies the request as coming from your community or organization account. You can manage tokens and locate your user ID and organization ID in your user settings.

OAuth tokens

All API requests made to an AI Hub API require an OAuth access token. You can add and manage OAuth tokens yourself from the APIs settings page.

For all API-based operations, authorizing by token grants the same access and permissions that the user who created the token currently has. In other words, if you’re unable to perform an operation in the UI with your current permissions, your API request for the same operation is denied.
AI Hub supports service accounts, AI Hub accounts not tied to a particular user and used only for making API calls. Organization admins can create service accounts and manage their OAuth tokens from the organization Members tab of the settings page. See Service accounts for details.

Adding tokens

You can add as many tokens as needed. While you can use a single token for all AI Hub API requests, creating multiple tokens can be helpful for organizing third-party access. For example, you might use one token per third-party application, so you can selectively manage and revoke third-party access.

  1. In the header, click the initials icon and select Settings.

  2. Select the APIs tab.

  3. Under OAuth tokens, click Add token.

  4. Enter a name and description for the token. Use the description to note the token’s purpose or intended usage.

  5. Select or define a custom expiration date for the token. The default setting is Never expires.

  6. Click Add.

  7. Copy the token.

    After closing the create token dialog, the token’s value is encrypted and can’t be copied again.

Refreshing tokens

You can refresh a token as needed. Refreshing a token updates its value.

  1. In the header, click the initials icon and select Settings.

  2. Select the APIs tab.

  3. In the OAuth tokens table, click the refresh icon Icon of two circling arrows. of the token to refresh.

  4. Select or define a custom expiration date for the token. The default setting is Never expires.

  5. Click Refresh token.

  6. Copy the token. After closing the refresh token dialog, the token’s value is encrypted and can’t be copied again.

Deleting tokens

If a token is no longer needed or you wish to revoke the access it grants, you can delete it.

  1. In the header, click the initials icon and select Settings, then click the APIs tab.

  2. In the OAuth tokens table, click the delete icon Icon of a trash can. of the token to delete.

  3. Enter the confirmation text and click Delete token.

To delete all tokens, click More above the OAuth tokens table, then select Delete all tokens.

IB-Context header

Because AI Hub supports having both a community account and an organization account tied to the same user ID and API token, the IB-Context header is used in API requests to identify the context of the call. For example, commercial and enterprise organization members with accounts created before release 25.28 have two contexts: an organization account and a personal community account. The IB-Context header specifies which context (account) to use to complete the API request.

Always define the IB-Context header. The appropriate header value depends on the account type.

  • Organization accounts — Use your organization ID. If undefined, defaults to the community context and the call might fail.

  • Community accounts — Use your user ID.

  • Service accounts — Use the organization ID or omit the header (defaults to organization ID).

Additional considerations include:

  • For requests that require consumption units to complete, the context dictates which account’s consumption units to use.

    For organization members with accounts created before release 25.28, if you don’t set the IB-Context header to the organization ID, requests use consumption units from your community account.

  • The context determines where to find input files and save output files. Requests fail if specified files don’t exist in the defined context.

Finding your user ID

Your user ID is a unique, non-editable identifier tied to your account. It’s created using the email address tied to your account.

  1. In the header, click the initials icon and select Settings.

  2. Select the APIs tab.

  3. Under User ID, click the Copy icon.

Organization admins can copy a service account’s user ID from the service account’s details page. Navigate to Settings > Members > Service accounts, then select the service account to open its details page.

Finding your organization ID

Commercial & Enterprise

An organization ID is a unique, non-editable identifier tied to your organization.

  1. In the header, click the initials icon and select Settings.

  2. Select the APIs tab.

  3. Under Organization ID, click the Copy icon.

The organization ID of a service account is the same as any other organization member’s. You can copy the ID from the service account’s details page. Navigate to Settings > Members > Service accounts, then select the service account to open its details page.