Developer Documentation

Authentication - SentinelPulse API

Enterprise-grade uptime for distributed systems

Last updated: November 14, 2024 • API Version 2.4.1

API Key Management

Securely generate, scope, and rotate your API keys to control access across your monitoring infrastructure.

All programmatic access to the SentinelPulse platform requires a valid API key. Keys are scoped to specific environments and can be restricted by IP allowlisting. Generated keys follow the `sp_live_` or `sp_test_` prefix convention.

curl -X POST https://api.sentinelpulse.io/v2/keys \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "CI/CD Pipeline", "scope": ["check.read", "alert.write"], "ip_whitelist": ["54.192.10.4"]}'

🔑

Key Rotation Policy

Automate rotation every 90 days using our `sp_rotate` endpoint. Old keys remain valid for a 48-hour grace period to prevent deployment interruptions. Audit logs track creation, usage, and revocation timestamps down to the millisecond.

OAuth 2.0 Integration

Enable secure third-party access without sharing credentials. Our OAuth2 implementation supports authorization code flow with PKCE for public clients.

⚙️

Client Configuration

Register your application in the Developer Portal to receive a `client_id` and `client_secret`. Configure redirect URIs to match your deployment environments exactly. SentinelPulse enforces strict URI matching to prevent open redirect vulnerabilities.