API Tokens

An API token lets your scripts, integrations, and CI pipelines call the StatusRadar User API β€” managing monitors, incidents, and status pages programmatically. The token is sent as a Bearer credential in the Authorization header.

You have one personal API token. Generating a new token replaces the previous one, and revoking it removes API access entirely until you generate another.

Generating a Token

  1. Go to Settings β†’ API (/dashboard/settings?tab=api).
  2. Click Generate New Token.
  3. The token is displayed once, immediately after generation. Copy it and store it securely.
6f3c9a1e... (64 hex characters)

Because you have a single token, generating a new one invalidates the old one. Any client still using the previous token will start receiving 401 Unauthorized. Update your integrations after regenerating.

The full token value is shown only at creation time. If you lose it, you cannot view it again β€” generate a new one (and update everything that used the old one).

Using a Token

Send the token in the Authorization header as a Bearer credential against api.statusradar.dev.

Authorization: Bearer YOUR_API_TOKEN

List your monitors

curl -H "Authorization: Bearer YOUR_API_TOKEN" \
  https://api.statusradar.dev/v1/monitors

Create a monitor

curl -X POST https://api.statusradar.dev/v1/monitors \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"My Website","target":"https://example.com","type":"http"}'

Load from an environment variable

Never hardcode the token in source. Load it from the environment or a secrets manager:

export STATUSRADAR_TOKEN="your-token"

curl -H "Authorization: Bearer $STATUSRADAR_TOKEN" \
  https://api.statusradar.dev/v1/monitors

The User API also covers incidents and status pages:

curl -H "Authorization: Bearer $STATUSRADAR_TOKEN" \
  https://api.statusradar.dev/v1/incidents

curl -H "Authorization: Bearer $STATUSRADAR_TOKEN" \
  https://api.statusradar.dev/v1/status-pages

Revoking a Token

To cut off programmatic access, go to Settings β†’ API and click Revoke. The token is removed immediately and all requests using it will return 401 Unauthorized from that point on. To restore access, generate a new token.

Revoke a token whenever:

  • It may have leaked (committed to a repo, pasted in a ticket, exposed in logs).
  • You no longer use the integration that relied on it.
  • You are rotating credentials as routine hygiene.

This Token Is Not the Only Credential

The API token documented here authenticates the User API only. Other surfaces use different schemes and must not be confused with it:

Surface Credential How it's sent
User API API token (this page) Authorization: Bearer <token>
Probe API Probe token Authorization: Bearer <token>
OTLP ingestion App token X-App-Token: <token> header
RUM ingestion API key api_key query parameter

OTLP and RUM credentials are managed per observability app, not on the API settings page. See API Authentication for the full breakdown.

Token Security

  • Keep it server-side. The User API token is a secret β€” never ship it to a browser.
  • Use environment variables or a secrets manager rather than hardcoding.
  • Rotate periodically and revoke immediately on any suspected exposure.
  • One token per account. If multiple systems share it, rotating affects all of them β€” plan rotations accordingly.

Next Steps