API Keys
API keys allow programmatic access to Warden’s API. Only admins can create and manage API keys.
Creating an API Key
Section titled “Creating an API Key”- Navigate to Settings → API Keys
- Click Create API Key
- Enter a name to identify the key (e.g., “CI/CD Pipeline” or “Terraform”)
- Select a role for the key — this determines what the key can access (defaults to Editor)
- Click Create
API keys use the format sk_live_ followed by a 64-character hex string.
Using an API Key
Section titled “Using an API Key”Include the key in the Authorization header of your HTTP requests:
curl -H "Authorization: Bearer sk_live_your_key_here" \ https://your-warden-instance.com/api/monitorsThe key’s role determines which endpoints it can access. See Roles & Permissions for the full permission matrix.
API Key Roles
Section titled “API Key Roles”API keys follow the same RBAC system as users:
| Role | Access Level |
|---|---|
| Admin | Full API access including user management and settings |
| Editor | Can create/modify monitors, incidents, maintenance, and notifications |
| Viewer | Read-only access to monitors, incidents, and reports |
| Status Viewer | Can only access assigned status pages via API |
Viewing API Keys
Section titled “Viewing API Keys”The API Keys page shows:
- Key name
- Key prefix (first 12 characters, e.g.,
sk_live_abcd) - Assigned role
- Date created
- Last used timestamp
Revoking an API Key
Section titled “Revoking an API Key”- Navigate to Settings → API Keys
- Find the key and click Delete
The key is immediately invalidated. Any requests using it will receive a 401 Unauthorized response.
Security
Section titled “Security”- API keys are hashed with bcrypt before storage — the raw key is never stored
- Only the key prefix is stored in plaintext for identification purposes
- The
last_used_attimestamp is updated on each use so you can identify stale keys