Skip to content

Authentication & endpoints

little big brain has two planes, and you authenticate to each differently.

Plane Host Auth You use it to…
Data plane (lbb-server) db.eu.littlebigbrain.com Bearer stack API key Read/write graphs, search, index
Account/SaaS API api.littlebigbrain.com Browser session cookie Manage accounts, stacks, and keys

Applications almost always talk to the data plane with a stack API key. The account API is what the console uses behind the scenes for sign-in and stack management.

A stack is an isolated tenant: its own graphs, its own data, its own keys. You create stacks from the console (Stacks view) or the account API. Each stack has a slug (e.g. product-dev) used in MCP URLs and admin calls.

A stack API key is a bearer credential that looks like:

lbb_sk_live_XXXXXXXXXXXXXXXXXXXX # production stack
lbb_sk_test_XXXXXXXXXXXXXXXXXXXX # test stack

Pass it as a bearer token on every data-plane request:

Terminal window
curl https://db.eu.littlebigbrain.com/v1/graph/summary?graph=main \
-H "Authorization: Bearer $LBB_API_KEY"

The SDKs take the key at construction:

const lbb = new LbbClient({ baseUrl: "https://db.eu.littlebigbrain.com", apiKey: process.env.LBB_API_KEY });
lbb = LbbClient("https://db.eu.littlebigbrain.com", api_key=os.environ["LBB_API_KEY"])
  • Node / server: process.env.LBB_API_KEY.
  • Python: os.environ["LBB_API_KEY"].
  • MCP (local): the LBB_API_KEY env var in your editor’s MCP config.
  • CI / deploys: your secret store.
Purpose URL
Hosted data plane (EU cell) https://db.eu.littlebigbrain.com
Account / SaaS API https://api.littlebigbrain.com
Hosted MCP endpoint https://mcp.littlebigbrain.com
Console https://cloud.littlebigbrain.com
Marketing site https://littlebigbrain.com

A self-hostable distribution is on the roadmap: it will run in a single-tenant mode (one fixed tenant/graph/branch) authenticated with a token you set, rather than stacks and per-stack keys. See CLI (self-hosted).

A stack has a default graph/branch (usually main). To target another, pass query parameters — the SDKs expose the same via client.graph("name") and options:

Terminal window
curl "https://db.eu.littlebigbrain.com/v1/search?graph=support&branch=candidate&query=..." \
-H "Authorization: Bearer $LBB_API_KEY"

The hosted MCP endpoint at mcp.littlebigbrain.com does not use a static key. It is an OAuth 2.1 protected resource: an MCP client that supports remote auth (Claude, Cursor) discovers the flow from an authorization challenge, runs the browser sign-in, and presents an access token. The server validates the token, confirms your account owns the stack, and mints a short-lived data-plane session — your machine never holds a little big brain key. Full details in the MCP guide.

Every non-2xx response is a structured JSON error the SDKs raise as a typed exception (LbbError). See the error model for the field set (status, type, code, message, param, requestId, docUrl) and how to handle common cases like a 404 on a missing graph.