
# API security

API access is protected by two layers:

1. IP source filtering (optional)
2. Authentication (mandatory)

## IP source filtering

API access can be restricted so that only requests sent from specified IP addresses are allowed. This adds a security layer for accessing the API.\
To restrict the public IPs allowed to access the search API, send the list to your Service Account Manager.

{% hint style="info" %}
**IMPORTANT NOTE**\
If you don’t specify a list of public IP addresses to restrict access to the search API, it will be accessible from the whole Internet. This is not a security problem because the API will not process requests that are not successfully authenticated with the right credentials.
{% endhint %}

## Authentication

The search API will ignore any request that is not successfully authenticated.\
The requests must include standard platform authentication headers as detailed below.\
The client sends the request including an Authorization header with the credentials encoded in Base64:

```
Authorization: Basic <Base64-encoded credentials>
```

Example: for `username:password`, the header would look like:

```
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
```

The search API checks the credentials on every request; if they are not valid, the request will not be processed.

{% hint style="info" %}
**IMPORTANT NOTE**\
While platform authentication is simple and easy to implement, it is inherently insecure unless combined with HTTPS. HTTPS ensures that the transmitted credentials remain private, secure, and protected from interception, making it essential for any communication involving sensitive information.

If the headers are sent over an unencrypted HTTP connection, anyone intercepting the traffic (e.g., via man-in-the-middle attacks or packet sniffing) can extract and decode the credentials.

You must ensure that requests to the search API are always sent over HTTPS.
{% endhint %}
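A client-side sketch of the two points above: building the `Authorization` header and refusing to send it over anything but HTTPS. This is an added example, not code from the platform's documentation; the endpoint URL and all function names are assumptions, and refusing redirects is an extra precaution the page does not mention.

```python
import base64
import urllib.request
from urllib.parse import urlsplit

# Placeholder endpoint (assumption): the page does not give the API URL.
API_URL = "https://api.example.invalid/search"


def basic_auth_header(username: str, password: str) -> str:
    """Return the Authorization header value for username:password."""
    if ":" in username:
        # The first colon separates user from password, so a colon in the
        # username would make the server split the pair in the wrong place.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def require_https(url: str) -> str:
    """Return url unchanged if it is HTTPS with a host, else raise."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing to send credentials to {url!r}")
    return url


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Fail on any redirect so the header is never replayed to another URL."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def build_request(url: str, username: str, password: str) -> urllib.request.Request:
    """Build an authenticated request; raises before any credential is sent."""
    req = urllib.request.Request(require_https(url))
    req.add_header("Authorization", basic_auth_header(username, password))
    return req


def send(req: urllib.request.Request, timeout: float = 10.0) -> bytes:
    """Send with certificate verification (urllib default) and no redirects."""
    opener = urllib.request.build_opener(NoRedirect)
    with opener.open(req, timeout=timeout) as resp:
        return resp.read()
```

Base64 is an encoding, not encryption, so the scheme check in `require_https` is what keeps the credentials from being readable on the wire.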


