API Keys
API Keys
Where to mint, list, and revoke API keys for programmatic access to SigSentry
API keys are managed from the SigSentry dashboard. Sign in and use one of the three flows below — the page you start from decides the kind of key you mint:
| Page | Mints | Notes |
|---|---|---|
| Project → API Keys → SDK Keys tab | ss_pub_* | Locked to analysis:create + analysis:read. Safe in browsers, mobile apps, and <script> embeds. |
| Project → API Keys → API keys tab | ss_secret_* | Project-scoped, full permission picker. Server-side only. |
| Organization → API Keys | ss_org_* | Tenant-scoped, full permission picker. Server-side, cross-project automation. |
For conceptual guidance — picking the right key type, what permissions to choose, how to store the key value safely, and how to rotate cleanly — see API Keys.
Permissions
Every key carries an explicit permission list. The available permissions:
| Permission | Grants |
|---|---|
analysis:create | Create analyses, ask follow-ups, generate postmortems |
analysis:read | List analyses, fetch by id, view similar incidents |
config:read | Read project, channel, log source, repo, watchdog config |
config:write | Create/update/delete config resources |
ss_pub_* keys are platform-locked to analysis:create and
analysis:read. ss_secret_* and ss_org_* keys can carry any
combination from the table above. See
Permissions for the complete
endpoint-to-permission mapping.