Skip to Content
Developer APIAuthentication

Authentication

All Detectify API requests require authentication using an API key passed via a custom HTTP header.

API Key Authentication

Include your API key in the X-Detectify-Key header with every request:

curl -H "X-Detectify-Key: YOUR_API_KEY" \
  https://api.detectify.com/rest/v2/assets/

Generating an API Key

  1. Log in to the Detectify dashboard.
  2. Navigate to Settings > API keys.
  3. Click Generate new key.
  4. Give the key a descriptive name (for example, “CI/CD Integration” or “Reporting Script”).
  5. Copy the key immediately — it will not be shown again.

Key Permissions

API keys inherit the permissions of the user who created them. If the user has access to all teams and assets, the API key has the same access. If the user’s access is restricted to specific teams, the API key is similarly restricted.

Security Best Practices

  • Store keys securely. Use environment variables or a secrets manager. Never hard-code API keys in source code or commit them to version control.
  • Rotate keys regularly. Generate new keys periodically and revoke old ones.
  • Use separate keys for different purposes. Create dedicated keys for CI/CD, reporting, and other integrations so you can revoke one without affecting others.
  • Restrict user permissions. Since API keys inherit user permissions, create keys from accounts with the minimum necessary access.

Revoking an API Key

  1. Navigate to Settings > API keys.
  2. Find the key you want to revoke.
  3. Click Revoke.

Revoked keys immediately stop working. Any integrations using the revoked key will receive 401 Unauthorized responses.

Last updated on
Developer APIOverview