Authentication

Every request to the InfinityBlue API must include a Bearer token in the Authorization header. The token is tied to your account and is used for billing, rate limiting, and access control.

Get your API key

1. Sign in

Open the InfinityBlue dashboard and sign in with your account.

2. Open the API keys page

Navigate to Settings → API Keys. The page lists every key that belongs to your workspace, along with its creation date and last-used timestamp.

3. Create a new key

Click Create key, give it a descriptive name (for example prod-backend or local-dev), and copy the value that appears. The key is shown only once.

Store the key immediately. For security reasons, the dashboard never displays the full key value again. If you lose it you must rotate the key.

Pass the key in a request

The key goes in the Authorization header using the Bearer scheme:

curl https://api.getinfinityblue.com/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-5.4", "messages": [{"role": "user", "content": "Hi"}]}'

When using the official OpenAI SDKs, point the client at the InfinityBlue base URL and supply the key from an environment variable (INFINITYBLUE_API_KEY in the examples below):

import os
from openai import OpenAI

# Read the key from the environment instead of hard-coding it.
client = OpenAI(
    api_key=os.environ["INFINITYBLUE_API_KEY"],
    base_url="https://api.getinfinityblue.com/v1",
)

response = client.chat.completions.create(
    model="gpt-5.4",
    messages=[{"role": "user", "content": "Hi"}],
)

import OpenAI from "openai";

// Read the key from the environment instead of hard-coding it.
const client = new OpenAI({
  apiKey: process.env.INFINITYBLUE_API_KEY,
  baseURL: "https://api.getinfinityblue.com/v1",
});

const response = await client.chat.completions.create({
  model: "gpt-5.4",
  messages: [{ role: "user", content: "Hi" }],
});

Key security best practices

Treat your API key like a password. Anyone with the key can spend your credits and read your account metadata.
  • Load keys from environment variables or a secret manager. Never commit them to git or paste them into source files.
  • Use a different key per environment (development, staging, production) so you can revoke one without breaking the others.
  • Rotate keys on a fixed schedule and immediately after any suspected leak.
  • Apply IP allowlists or origin restrictions when the dashboard supports them for your plan.
  • When working in shared notebooks, redact the key from cell output and clear it from kernel memory at the end of the session.

Troubleshooting

If you receive a 401 Unauthorized response, walk through this checklist:

1. Confirm the header is present

The request must include Authorization: Bearer YOUR_API_KEY (note the space after Bearer). Without the scheme prefix, the server treats the header as malformed.

2. Confirm the key is active

A revoked or deleted key returns the same 401 error. Re-check the API keys page in the dashboard.

3. Confirm the base URL

Make sure you are sending requests to https://api.getinfinityblue.com/v1 and not a sibling host. Different environments have different key namespaces.

See Error Handling for a complete list of status codes and recovery steps.
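
The header and base URL items of the checklist above can be checked locally before a request is sent, so a misconfigured client never hands the key to the wrong host. This is an added example, not InfinityBlue's code: `preflight`, `redact` and `build_headers` are hypothetical helper names, the strict `Bearer` match follows the header form this page documents, and whether a key is still active can only be confirmed in the dashboard.

```python
import os
from urllib.parse import urlsplit

EXPECTED_HOST = "api.getinfinityblue.com"  # host documented on this page
EXPECTED_PREFIX = "/v1"                    # path prefix documented on this page


def redact(key: str) -> str:
    """Return a log-safe form of the key: only the last 4 characters."""
    return "****" + key[-4:] if len(key) > 8 else "****"


def preflight(url: str, headers: dict) -> list:
    """Return the problems that would cause a 401 or expose the key."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("URL is not https; the key would travel in clear text")
    if parts.hostname != EXPECTED_HOST:
        problems.append(f"host {parts.hostname!r} is not {EXPECTED_HOST!r}")
    path = parts.path
    if not (path == EXPECTED_PREFIX or path.startswith(EXPECTED_PREFIX + "/")):
        problems.append(f"path does not start with {EXPECTED_PREFIX}")

    # HTTP header names are case-insensitive, so match on the lowered name.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        problems.append("Authorization header is missing")
        return problems
    scheme, sep, token = auth.partition(" ")
    if sep != " " or scheme != "Bearer":
        problems.append("Authorization header must be 'Bearer <key>' with one space")
    elif not token or any(c.isspace() for c in token):
        problems.append("key is empty or contains whitespace")
    elif token == "YOUR_API_KEY":
        problems.append("placeholder YOUR_API_KEY was not replaced")
    return problems


def build_headers(env=os.environ) -> dict:
    """Build request headers from the environment variable used on this page."""
    key = env.get("INFINITYBLUE_API_KEY", "")
    return {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
```

Call `preflight(url, build_headers())` before sending and refuse to send if the list is non-empty; when logging a failure, pass the key through `redact` first.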