Authentication

You’ll learn how to create API keys, use them to authenticate, and follow security best practices.

API Key Authentication

All Opswald API requests require an API key passed in the X-API-Key header:

curl https://api.opswald.com/api/traces \
  -H "X-API-Key: ops_your_key_here"

Creating API Keys

1. Open app.opswald.com
2. Go to Settings → API Keys
3. Click Create Key
4. Give it a descriptive name (e.g., “Production Backend”, “CI/CD Pipeline”)
5. Copy the key — it’s only shown once

Using Keys in the SDK

Pass your API key when initializing:

import opswald

opswald.init(api_key='ops_your_key_here', base_url='https://api.opswald.com')

import { init } from 'opswald';

init({ apiKey: 'ops_your_key_here', baseUrl: 'https://api.opswald.com' });

Environment Variables

The recommended approach is to use environment variables:

export OPSWALD_API_KEY=ops_your_key_here

Both SDKs automatically read OPSWALD_API_KEY when no key is passed explicitly.

Security Best Practices

• Never commit API keys to version control
• Use environment variables or a secrets manager
• Create separate keys for different environments (dev, staging, prod)
• Rotate keys regularly — revoke old keys in the dashboard
• Use the minimum scope needed — read-only keys for dashboards, write keys for SDKs

Revoking Keys

1. Go to Settings → API Keys
2. Find the key you want to revoke
3. Click Revoke
4. The key stops working immediately

Next Steps

• API Reference — Full REST API documentation
• Installation — Set up the SDK with your key