Authentication

The InfoLobby Public API uses OAuth 2.0 Bearer Tokens (RFC 6750). Every request must include an Authorization header.

Header format

Authorization: Bearer il_live_<your_secret>

Obtaining a key

1. Log into InfoLobby as the account owner
2. Go to Account → API Keys
3. Click Create API Key
4. Fill in:
   • Name — descriptive (e.g. ProcFu data import)
   • IP Whitelist (optional) — comma- or newline-separated IPs or CIDR ranges
   • Workspace access — check one or more workspaces, or leave all unchecked for access to every workspace owned by the account
   • Read only — when checked, the key cannot create, update, or delete data
5. Copy the secret shown in the confirmation dialog. This is the only time it will be displayed in plaintext.

Revealing an existing secret

If you forget the secret, click Reveal next to the key in your account screen. The current plaintext value is returned (InfoLobby stores secrets encrypted at rest).

Rotating a key

Click Rotate to issue a new secret for the same key record. The old secret stops working immediately. The key's ID, name, scopes, and audit trail are preserved.

Deleting a key

Click Delete. The key is soft-deleted and all future requests using it return 401.

Example curl request

curl https://infolobby.com/api/spaces/list \
  -H "Authorization: Bearer il_live_abc123..."

Security notes

• API secrets are sensitive credentials. Store them in a password manager or secret store — never commit them to source control.
• InfoLobby never logs plaintext secrets.
• A lost key should be rotated or deleted, not simply replaced.
• IP whitelisting is strongly recommended for production keys.
• API keys cannot manage other API keys. Key management is only available to the signed-in account owner.