InsightBase
⌘K
Get Started

Developers

API & Integrations

Everything in InsightBase is reachable over a REST API — the app itself is just a client of it.

API reference

The full REST API — every endpoint, request/response shape, and auth requirement — is documented live from the backend's own handler annotations at /docs (Swagger UI). It's always in sync with the deployed API, since it's generated directly from the code that serves it.

Authentication

Two ways to authenticate a request, depending on who's calling:

  • Session (JWT) — what the web app uses. A short-lived access token in the Authorization: Bearer header, obtained from /api/v1/auth/login.
  • API keys — for scripts, integrations, and MCP clients. Long-lived, created from Settings → API Keys, and passed the same way: Authorization: Bearer ibk_....
Careful:An API key's raw value is only ever shown once, at creation time — only its hash and a short prefix (e.g. ibk_3kf9...) are stored. If you lose it, revoke it and create a new one.

Example request

cURL
curl https://app.insightbase.io/api/v1/dashboards \
  -H "Authorization: Bearer ibk_3kf9aZ1mP7qXv2..."

MCP (Model Context Protocol)

InsightBase exposes an MCP endpoint so AI assistants like Claude Desktop can query your dashboards and datasources directly as tools, authenticated with an API key. Enable it from Settings, then point your MCP client at your organization's MCP endpoint using an API key as the credential.

Rate limits

Authentication endpoints (login, register, invite-accept) are rate-limited per IP to protect against brute-force and spam. If you're building an integration that authenticates frequently on behalf of many users, use a long-lived API key instead of re-authenticating with a password each time.