Authentication & endpoints
little big brain has two planes, and you authenticate to each differently.
The two planes
Section titled “The two planes”| Plane | Host | Auth | You use it to… |
|---|---|---|---|
Data plane (lbb-server) |
db.eu.littlebigbrain.com |
Bearer stack API key | Read/write graphs, search, index |
| Account/SaaS API | api.littlebigbrain.com |
Browser session cookie | Manage accounts, stacks, and keys |
Applications almost always talk to the data plane with a stack API key. The account API is what the console uses behind the scenes for sign-in and stack management.
Stacks
Section titled “Stacks”A stack is an isolated tenant: its own graphs, its own data, its own keys.
You create stacks from the console (Stacks view) or the account API. Each
stack has a slug (e.g. product-dev) used in MCP URLs and admin calls.
Stack API keys
Section titled “Stack API keys”A stack API key is a bearer credential that looks like:
lbb_sk_live_XXXXXXXXXXXXXXXXXXXX # production stacklbb_sk_test_XXXXXXXXXXXXXXXXXXXX # test stackPass it as a bearer token on every data-plane request:
curl https://db.eu.littlebigbrain.com/v1/graph/summary?graph=main \ -H "Authorization: Bearer $LBB_API_KEY"The SDKs take the key at construction:
const lbb = new LbbClient({ baseUrl: "https://db.eu.littlebigbrain.com", apiKey: process.env.LBB_API_KEY });lbb = LbbClient("https://db.eu.littlebigbrain.com", api_key=os.environ["LBB_API_KEY"])Where to store it
Section titled “Where to store it”- Node / server:
process.env.LBB_API_KEY. - Python:
os.environ["LBB_API_KEY"]. - MCP (local): the
LBB_API_KEYenv var in your editor’s MCP config. - CI / deploys: your secret store.
Base URLs
Section titled “Base URLs”| Purpose | URL |
|---|---|
| Hosted data plane (EU cell) | https://db.eu.littlebigbrain.com |
| Account / SaaS API | https://api.littlebigbrain.com |
| Hosted MCP endpoint | https://mcp.littlebigbrain.com |
| Console | https://cloud.littlebigbrain.com |
| Marketing site | https://littlebigbrain.com |
A self-hostable distribution is on the roadmap: it will run in a single-tenant mode (one fixed tenant/graph/branch) authenticated with a token you set, rather than stacks and per-stack keys. See CLI (self-hosted).
Selecting a graph and branch
Section titled “Selecting a graph and branch”A stack has a default graph/branch (usually main). To target another, pass
query parameters — the SDKs expose the same via client.graph("name") and
options:
curl "https://db.eu.littlebigbrain.com/v1/search?graph=support&branch=candidate&query=..." \ -H "Authorization: Bearer $LBB_API_KEY"Hosted MCP OAuth
Section titled “Hosted MCP OAuth”The hosted MCP endpoint at mcp.littlebigbrain.com does not use a static
key. It is an OAuth 2.1 protected resource: an MCP client that supports remote
auth (Claude, Cursor) discovers the flow from an authorization challenge, runs
the browser sign-in, and presents an access token. The server validates the
token, confirms your account owns the stack, and mints a short-lived data-plane
session — your machine never holds a little big brain key. Full details in the
MCP guide.
Error responses
Section titled “Error responses”Every non-2xx response is a structured JSON error the SDKs raise as a typed
exception (LbbError). See the error model for the field
set (status, type, code, message, param, requestId, docUrl) and how
to handle common cases like a 404 on a missing graph.