Authentication
The public API authenticates with your project API keys — a public key and a secret key created under API Keys.
Keep the secret key server-side. Never embed it in client-side code or commit it to source control.
Basic auth (full scope)
For read and write access, use HTTP Basic auth with the public key as the username and the secret key as the password. Your HTTP client base64-encodes them into the header:
Most tools accept the two parts directly:
Bearer auth (limited scope)
Some public-key-only operations accept Bearer auth with just the public key:
Use Basic auth for anything that reads or writes project data.
Using the SDKs
The official SDKs handle authentication for you — you provide the public and secret keys once at initialization. See the Python, JS/TS, and Java SDKs.
Errors
A missing or invalid key returns 401. Insufficient permissions for the operation returns 403.
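The Basic and Bearer header forms and the 401/403 responses described above, as an added Python example that is not part of the original documentation or the official SDKs. The environment variable names, the `example.invalid` URL and the HTTPS-only check are assumptions made for illustration; `decode_basic` is included to show that the Basic header is reversible encoding, so anyone who sees the header has the secret key.

```python
import base64
import os
from typing import Optional
from urllib.parse import urlsplit


def basic_auth_header(public_key: str, secret_key: str) -> dict:
    """HTTP Basic (RFC 7617): public key as username, secret key as password."""
    if ":" in public_key:
        raise ValueError("the username part of Basic auth cannot contain ':'")
    token = base64.b64encode(f"{public_key}:{secret_key}".encode("utf-8"))
    return {"Authorization": "Basic " + token.decode("ascii")}


def bearer_auth_header(public_key: str) -> dict:
    """Limited-scope form: only the public key is sent."""
    return {"Authorization": "Bearer " + public_key}


def decode_basic(header_value: str) -> tuple:
    """Recover (username, password): base64 is an encoding, not encryption."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def headers_for(url: str, public_key: str, secret_key: Optional[str]) -> dict:
    """Assumed policy: never attach keys to a non-TLS URL; Basic if a secret is set."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send API keys over a non-HTTPS URL")
    if secret_key:
        return basic_auth_header(public_key, secret_key)
    return bearer_auth_header(public_key)


def explain_status(status: int) -> str:
    """Map the two auth-related status codes to the cause the page gives."""
    return {401: "missing or invalid key",
            403: "insufficient permissions for the operation"}.get(status, "not an auth error")


if __name__ == "__main__":
    # Hypothetical variable names; keys come from the environment, never from source.
    pk = os.environ.get("EXAMPLE_PUBLIC_KEY", "pk-constructed-sample")
    sk = os.environ.get("EXAMPLE_SECRET_KEY")  # unset -> Bearer, limited scope
    hdrs = headers_for("https://api.example.invalid/resource", pk, sk)
    print("scheme in use:", hdrs["Authorization"].split(" ", 1)[0])  # secret is not printed
    print("401 ->", explain_status(401), "| 403 ->", explain_status(403))
```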
Next steps
- API Keys — create and rotate keys.