Authentication

All Labs API endpoints require authentication using a Bearer token.

Getting an API Key

  1. Log in to the Labs Portal
  2. Navigate to API Keys in the sidebar
  3. Click Create New Key
  4. Give your key a descriptive name (e.g., “Production Training”, “Development”)
  5. Copy the key immediately—it won’t be shown again
Keep your API keys secure. Never commit them to version control or share them publicly.

Using Your API Key

Include the key in the Authorization header: 
curl -X GET "$LABS_URL/api/v1/catalog" \
  -H "Authorization: Bearer $LABS_API_KEY" \
  -H "Content-Type: application/json"

Environment Variables

Store your API key in environment variables: 
# .env (replace with your actual API key from the Labs Portal)
LABS_API_KEY=lab_...

import os
API_KEY = os.environ["LABS_API_KEY"]

Rate Limits

API keys have rate limits based on your subscription. Rate limit information is included in response headers:
HeaderDescription
X-RateLimit-LimitMaximum requests per window
X-RateLimit-RemainingRequests remaining in current window
X-RateLimit-ResetUnix timestamp when window resets

Handling Rate Limits

import json
import time
import urllib.request
import urllib.error

def make_request_with_retry(url, headers, json_data, max_retries=3):
    data = json.dumps(json_data).encode()
    for attempt in range(max_retries):
        req = urllib.request.Request(url, data=data, headers=headers, method="POST")
        try:
            with urllib.request.urlopen(req) as response:
                return json.loads(response.read())
        except urllib.error.HTTPError as e:
            if e.code == 429:  # Rate limited
                reset_time = int(e.headers.get("X-RateLimit-Reset", 0))
                wait_time = max(reset_time - time.time(), 1)
                time.sleep(wait_time)
                continue
            raise

    raise Exception("Max retries exceeded")

Error Responses

Authentication errors return a 401 status: 
{
  "message": "Invalid or missing API key",
  "data": { "request_id": "req_01jk..." }
}
Common causes:
  • Missing Authorization header
  • Incorrect key format (should be Bearer <key>)
  • Expired or revoked key
  • Key doesn’t have access to requested collection

Key Management

Multiple Keys

Create separate keys for different environments:
  • Production: High rate limits, monitored usage
  • Development: Lower limits, for testing
  • CI/CD: Dedicated key for automated testing

Revoking Keys

If a key is compromised:
  1. Go to API Keys in the Labs Portal
  2. Find the compromised key
  3. Click Revoke
  4. Create a new key and update your systems
Revocation is immediate. Any requests using the revoked key will fail.

Subscription Requirements

API keys can only access collections your organization is subscribed to. Attempting to access unsubscribed collections returns: 
{
  "message": "Organization does not have access to collection: finance",
  "data": { "request_id": "req_01jk..." }
}
Contact us through the Labs Portal to request access to additional collections.