Authentication
Learn how to authenticate your API requests with Bareuptime.
API Keys
All API requests require authentication using an API key. You can generate and manage API keys in your Bareuptime dashboard.
Creating an API Key
- Log in to your Bareuptime dashboard
- Navigate to Settings → API Keys
- Click Generate New Key
- Give your key a descriptive name (e.g., "Production Monitoring", "CI/CD Integration")
- Select the appropriate permissions
- Click Create Key
⚠️ Important: Copy and store your API key immediately. For security reasons, you won't be able to see it again.
Key Permissions
API keys can have different permission levels:
- Read Only: Can only retrieve data (monitors, status, statistics)
- Read/Write: Can create, update, and delete resources
- Admin: Full access including billing and user management
Using Your API Key
Include your API key in the Authorization header of all requests:
Authorization: Bearer YOUR_API_KEY
Example Request
curl -H "Authorization: Bearer sk_test_1234567890abcdef" \
https://api.bareuptime.co/v1/monitors
Security Best Practices
Keep Keys Secure
- Never commit API keys to version control
- Store keys in environment variables or secure vaults
- Rotate keys regularly (at least every 90 days)
- Use different keys for different environments
Environment Variables
Store your API key in environment variables:
export BAREUPTIME_API_KEY="sk_test_1234567890abcdef"
Then use it in your code:
const apiKey = process.env.BAREUPTIME_API_KEY;
Key Rotation
To rotate your API key:
- Generate a new API key
- Update your applications to use the new key
- Test that everything works correctly
- Delete the old API key
Rate Limiting
API requests are rate limited per API key:
- Free Plan: 100 requests per minute
- Pro Plan: 1,000 requests per minute
- Enterprise: 10,000 requests per minute
When you exceed the limit, you'll receive a 429 Too Many Requests response:
{
"success": false,
"error": {
"code": "RATE_LIMIT_EXCEEDED",
"message": "Rate limit exceeded. Try again in 60 seconds."
}
}
Rate Limit Headers
All responses include rate limit information in the headers:
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200
Error Handling
Authentication Errors
401 Unauthorized - Invalid or missing API key:
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid API key"
}
}
403 Forbidden - Insufficient permissions:
{
"success": false,
"error": {
"code": "FORBIDDEN",
"message": "Insufficient permissions for this operation"
}
}
Troubleshooting
Common authentication issues:
- Missing Authorization Header: Ensure you're including the
Authorizationheader - Incorrect Format: Use
Bearer YOUR_API_KEYformat - Expired Key: Check if your API key has been deleted or expired
- Wrong Environment: Ensure you're using the correct API key for the environment
Testing Authentication
Test your API key with a simple request:
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://api.bareuptime.co/v1/auth/test
Success response:
{
"success": true,
"data": {
"key_id": "key_1234567890",
"permissions": ["read", "write"],
"rate_limit": {
"limit": 1000,
"remaining": 999
}
}
}