API Tokens
An API token lets your scripts, integrations, and CI pipelines call the StatusRadar User API β managing monitors, incidents, and status pages programmatically. The token is sent as a Bearer credential in the Authorization header.
You have one personal API token. Generating a new token replaces the previous one, and revoking it removes API access entirely until you generate another.
Generating a Token
- Go to Settings β API (
/dashboard/settings?tab=api). - Click Generate New Token.
- The token is displayed once, immediately after generation. Copy it and store it securely.
6f3c9a1e... (64 hex characters)
Because you have a single token, generating a new one invalidates the old one. Any client still using the previous token will start receiving
401 Unauthorized. Update your integrations after regenerating.
The full token value is shown only at creation time. If you lose it, you cannot view it again β generate a new one (and update everything that used the old one).
Using a Token
Send the token in the Authorization header as a Bearer credential against api.statusradar.dev.
Authorization: Bearer YOUR_API_TOKEN
List your monitors
curl -H "Authorization: Bearer YOUR_API_TOKEN" \
https://api.statusradar.dev/v1/monitors
Create a monitor
curl -X POST https://api.statusradar.dev/v1/monitors \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"My Website","target":"https://example.com","type":"http"}'
Load from an environment variable
Never hardcode the token in source. Load it from the environment or a secrets manager:
export STATUSRADAR_TOKEN="your-token"
curl -H "Authorization: Bearer $STATUSRADAR_TOKEN" \
https://api.statusradar.dev/v1/monitors
The User API also covers incidents and status pages:
curl -H "Authorization: Bearer $STATUSRADAR_TOKEN" \
https://api.statusradar.dev/v1/incidents
curl -H "Authorization: Bearer $STATUSRADAR_TOKEN" \
https://api.statusradar.dev/v1/status-pages
Revoking a Token
To cut off programmatic access, go to Settings β API and click Revoke. The token is removed immediately and all requests using it will return 401 Unauthorized from that point on. To restore access, generate a new token.
Revoke a token whenever:
- It may have leaked (committed to a repo, pasted in a ticket, exposed in logs).
- You no longer use the integration that relied on it.
- You are rotating credentials as routine hygiene.
This Token Is Not the Only Credential
The API token documented here authenticates the User API only. Other surfaces use different schemes and must not be confused with it:
| Surface | Credential | How it's sent |
|---|---|---|
| User API | API token (this page) | Authorization: Bearer <token> |
| Probe API | Probe token | Authorization: Bearer <token> |
| OTLP ingestion | App token | X-App-Token: <token> header |
| RUM ingestion | API key | api_key query parameter |
OTLP and RUM credentials are managed per observability app, not on the API settings page. See API Authentication for the full breakdown.
Token Security
- Keep it server-side. The User API token is a secret β never ship it to a browser.
- Use environment variables or a secrets manager rather than hardcoding.
- Rotate periodically and revoke immediately on any suspected exposure.
- One token per account. If multiple systems share it, rotating affects all of them β plan rotations accordingly.
Next Steps
- API Authentication - All credential schemes across the platform
- API Overview - Base URL, structure, and conventions
- API: Monitors - Manage monitors programmatically
- Account Security Overview - All account security controls