Authorization and context identification

The AI Hub API uses a system of authorization and context identification for all API calls. Your API token authorizes the call and your user or organization ID, passed in the IB-Context header, identifies the request as coming from your community or organization account. You can manage tokens and locate your user ID and organization ID in your user settings.

OAuth tokens

All API requests made to an AI Hub API require an OAuth access token. You can add and manage OAuth tokens yourself from the APIs settings page.

For all API-based operations, authorizing by token grants the same access and permissions that the user who created the token currently has. In other words, if you’re unable to perform an operation in the UI with your current permissions, your API request for the same operation is denied.
AI Hub supports service accounts, AI Hub accounts not tied to a particular user and used only for making API calls. Organization admins can create service accounts and manage their OAuth tokens from the organization Members tab of the settings page. See Service accounts for details.

Adding tokens

You can add as many tokens as needed. While you can use a single token for all AI Hub API requests, creating multiple tokens can be helpful for organizing third-party access. For example, you might use one token per third-party application, so you can selectively manage and revoke third-party access.

  1. In the header, click the initials icon and select Settings.

  2. Select the APIs tab.

  3. Under OAuth tokens, click Add token.

  4. Enter a name and description for the token. Use the description to note the token’s purpose or intended usage.

  5. Select or define a custom expiration date for the token. The default setting is Never expires.

  6. Click Add.

  7. Copy the token.

    After closing the create token dialog, the token’s value is encrypted and can’t be copied again.

Refreshing tokens

You can refresh a token as needed. Refreshing a token updates its value.

  1. In the header, click the initials icon and select Settings.

  2. Select the APIs tab.

  3. In the OAuth tokens table, click the refresh icon

    Icon of two circling arrows.
    of the token to refresh.

  4. Select or define a custom expiration date for the token. The default setting is Never expires.

  5. Click Refresh token.

  6. Copy the token. After closing the refresh token dialog, the token’s value is encrypted and can’t be copied again.

Deleting tokens

If a token is no longer needed or you wish to revoke the access it grants, you can delete it.

  1. In the header, click the initials icon and select Settings, then click the APIs tab.

  2. In the OAuth tokens table, click the delete icon

    Icon of a trash can.
    of the token to delete.

  3. Enter the confirmation text and click Delete token.

To delete all tokens, click More above the OAuth tokens table, then select Delete all tokens.

IB-Context header

Because AI Hub supports having both a community account and an organization account tied to the same user ID and API token, the IB-Context header is used in API requests to identify the context of the call. For example, commercial and enterprise users have two contexts: an organization account and a personal community account. The IB-Context header specifies which context (account) to use to complete the API request.

Some notes on using the IB-Context header:

  • To make a request with your community account’s context, use your user ID as the IB-Context header value.

  • To make a request with your organization account’s context, use your organization ID as the IB-Context header value.

  • For requests that require consumption units to complete, the context dictates which account’s consumption units to use.

    For organization members, if you don’t set the IB-Context header to the organization ID, requests use consumption units from your community account.

  • The context dictates where to find input files and where to save output files. If your request specifies inputs or outputs that don’t exist in the defined or default context, the request fails.

  • The IB-Context header is optional but it’s a best practice to include it in all requests, even for users without an organization account. If the header is undefined, the default behavior is to use the community context.

  • Service accounts exist only in the context of their organization, with no associated community account. For service accounts, the IB-Context value defaults to the organization ID.

Finding your user ID

Your user ID is a unique, non-editable identifier tied to your account. It’s created using the email address tied to your account.

  1. In the header, click the initials icon and select Settings.

  2. Select the APIs tab.

  3. Under User ID, click the Copy icon.

Organization admins can copy a service account’s user ID from the service account’s details page. Navigate to Settings > Members > Service accounts, then select the service account to open its details page.

Finding your organization ID
commercial and enterprise

An organization ID is a unique, non-editable identifier tied to your organization.

  1. In the header, click the initials icon and select Settings.

  2. Select the APIs tab.

  3. Under Organization ID, click the Copy icon.

The organization ID of a service account is the same as any other organization member’s. You can copy the ID from the service account’s details page. Navigate to Settings > Members > Service accounts, then select the service account to open its details page.
Was this page helpful?