Authentication
Learn how to authenticate with the tracer API using API keys.
Authentication
All API requests require authentication via API keys. API keys provide secure, revocable access to your organization's resources.
Creating an API Key
Navigate to API Keys
Go to Settings > API Keys in your dashboard.
Create New Key
Click Create API Key and configure:
Name: CI/CD Pipeline Key
Permissions: monitors:read, monitors:write, journeys:run
Expiration: 1 year (optional)API keys are shown only once when created. Store them securely. If lost, create a new key.
Using API Keys
Authorization Header
Include your API key in the Authorization header:
curl -X GET https://api.tracer/v1/monitors \
-H "Authorization: Bearer izli_sk_live_abc123xyz789"Request Example
const response = await fetch('https://api.tracer/v1/monitors', {
method: 'GET',
headers: {
'Authorization': 'Bearer izli_sk_live_abc123xyz789',
'Content-Type': 'application/json',
},
});API Key Permissions
Control what each key can access:
Permission Scopes
| Scope | Description |
|---|---|
monitors:read | View monitors and runs |
monitors:write | Create, update, delete monitors |
monitors:run | Trigger manual runs |
journeys:read | View journeys and runs |
journeys:write | Create, update, delete journeys |
journeys:run | Trigger manual runs |
alerts:read | View alerts and incidents |
alerts:write | Acknowledge, resolve alerts |
organization:read | View org and members |
organization:write | Manage members |
billing:read | View billing info |
Recommended Configurations
CI/CD Pipeline:
Permissions:
- monitors:read
- monitors:run
- journeys:read
- journeys:runMonitoring Dashboard:
Permissions:
- monitors:read
- journeys:read
- alerts:readFull Access:
Permissions: allKey Security
Best Practices
- Use least privilege - Only grant needed permissions
- Set expiration - Rotate keys periodically
- Use environment variables - Never hardcode keys
- Separate keys - Different keys for different purposes
- Audit regularly - Review and revoke unused keys
Environment Variables
Store keys in environment variables:
# .env (never commit this file)
IZLI_API_KEY=izli_sk_live_abc123xyz789// Use in code
const apiKey = process.env.IZLI_API_KEY;Secret Management
For production, use secret managers:
- AWS Secrets Manager
- HashiCorp Vault
- Azure Key Vault
- GCP Secret Manager
- GitHub Secrets
# GitHub Actions
env:
IZLI_API_KEY: ${{ secrets.IZLI_API_KEY }}Revoking Keys
Revoke compromised or unused keys:
- Go to Settings > API Keys
- Find the key
- Click Revoke
- Confirm revocation
Revoked keys are immediately invalid. Any requests using them will fail with 401 Unauthorized.
Key Expiration
Set expiration for added security:
| Duration | Use Case |
|---|---|
| 30 days | Temporary access |
| 90 days | Contractor access |
| 1 year | Long-term CI/CD |
| Never | Permanent integrations |
Expired keys automatically stop working. Create a new key before expiration to avoid disruption.
Troubleshooting
401 Unauthorized
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key"
}
}Causes:
- Missing
Authorizationheader - Incorrect key format (should be
Bearer KEY) - Revoked or expired key
- Typo in key
Solution:
# Verify header format
curl -H "Authorization: Bearer izli_sk_live_..." \
https://api.tracer/v1/monitors403 Forbidden
{
"success": false,
"error": {
"code": "FORBIDDEN",
"message": "Insufficient permissions for this action"
}
}Cause: Key doesn't have required permission scope.
Solution: Create a new key with needed permissions.
Testing Authentication
Verify your API key works:
curl -X GET https://api.tracer/v1/me \
-H "Authorization: Bearer YOUR_API_KEY"Success response:
{
"success": true,
"data": {
"organization": {
"id": "org_abc123",
"name": "Acme Inc"
},
"key": {
"name": "CI/CD Key",
"permissions": ["monitors:read", "monitors:run"],
"expires_at": "2025-01-15T00:00:00Z"
}
}
}