API Credentials
Every request to the Alerta v2 API requires an API key and an API secret. You get both from your Alerta dashboard.
Where to find your credentials
- Sign in at app.alerta.encrisoft.com.
- Open your organization dashboard.
- Go to Configuration > API Credentials.
- Copy your API key and API secret.
If you haven't created credentials yet, create a new set from that page. Give it a name that identifies the service sending the alerts (e.g. production-alerting-service).
How credentials work
Both values are required on every v2 request:
x-api-key: your_api_key
x-api-secret: your_api_secret
Content-Type: application/json
- API key — identifies your organization
- API secret — authenticates the request
If either value is missing or incorrect, the API returns a 403 error.
Keep credentials private
- Store them in a secret manager (e.g. AWS Secrets Manager, HashiCorp Vault, GitHub Actions secrets)
- Create separate credentials for separate environments (staging vs production)
- Do not put credentials in frontend JavaScript, mobile apps, or public repositories
- Rotate credentials when a team member who had access leaves
Rotating credentials
- Create a new credential set in Configuration > API Credentials.
- Update your service to use the new values.
- Verify alerts are still being delivered.
- Delete the old credential set.
Related
- Authentication — required headers for every request
- Errors — what a
403response looks like