Authentication & Security

API Keys & OAuth

Managing API Keys

UptimePulse uses scoped API keys to authenticate programmatic access to your monitoring infrastructure. Keys are tied to specific workspaces and enforce granular permissions across your check clusters.

Generate Keys

Navigate to Settings > Integrations > API Access. Click "Create New Key", assign scopes (e.g., monitor:read, alert:write, config:admin), and copy the up_live_... token before closing the modal. Keys are immediately active and bound to your account ID.

Rotate Credentials

Schedule automatic rotation every 90 days. UptimePulse issues a 72-hour grace period during transitions, ensuring zero interruption to your PagerDuty, Opsgenie, or webhook pipelines while your backend swaps the new secret.

Secure Storage

Never hardcode keys in client-side JavaScript or public repositories. Inject them via environment variables (UP_API_KEY) and restrict access to CI/CD runners, Terraform state files, or backend orchestrators only.

OAuth 2.0 Enterprise SSO

Connect UptimePulse to your identity provider using standard OAuth 2.0 and OIDC. Enterprise teams can enforce SAML 2.0 fallback, manage session lifecycles centrally, and audit cross-team access.

Configure your IdP (Okta, Azure AD, or Auth0) with the authorization endpoint https://auth.uptimepulse.io/oauth2/authorize. Set your redirect URI to match your integration path, and enable PKCE for public clients. UptimePulse supports openid, profile, and monitoring:admin scopes out of the box.

Authorization Code Flow

Recommended for server-side applications. Users authenticate via your IdP, receive an authorization code, and exchange it for short-lived access tokens (1-hour TTL) and refresh tokens (30-day TTL). Tokens are automatically blacklisted on workspace suspension.

Token Introspection

Validate incoming tokens without maintaining local JWKS caches. POST to https://api.uptimepulse.io/oauth2/introspect with your client credentials to verify scope, expiration, and tenant binding in real time before proxying requests to your internal dashboards.
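The checks a proxy would apply to an introspection response before forwarding a request, as an added example that is not UptimePulse's own code. It assumes an RFC 7662 style response (active, exp, scope), HTTP Basic for the client credentials, and a hypothetical tenant_id field for the tenant binding; the sample responses are constructed.

```python
import base64
import time
import urllib.parse
import urllib.request

INTROSPECT_URL = "https://api.uptimepulse.io/oauth2/introspect"  # endpoint from the page


def build_introspection_request(token, client_id, client_secret):
    """Build (not send) an RFC 7662 request; HTTP Basic client auth is assumed."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        INTROSPECT_URL,
        data=urllib.parse.urlencode({"token": token}).encode(),
        method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def evaluate_introspection(resp, required_scopes, expected_tenant, now=None):
    """Return (allowed, reason); anything missing or malformed is a denial."""
    now = time.time() if now is None else now
    if not isinstance(resp, dict) or resp.get("active") is not True:
        return False, "inactive"
    exp = resp.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    scope = resp.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = set(required_scopes) - granted  # exact match, never substring
    if missing:
        return False, "missing scope: " + ",".join(sorted(missing))
    # "tenant_id" is a hypothetical field name; an empty expectation also denies.
    if not expected_tenant or resp.get("tenant_id") != expected_tenant:
        return False, "tenant mismatch"
    return True, "ok"


# Constructed sample responses, not captured from the service.
SAMPLE_OK = {"active": True, "exp": 2000000000,
             "scope": "openid profile monitoring:admin", "tenant_id": "ws-example"}
SAMPLE_OTHER_TENANT = dict(SAMPLE_OK, tenant_id="ws-other")
SAMPLE_STRING_ACTIVE = dict(SAMPLE_OK, active="true")

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_OTHER_TENANT, SAMPLE_STRING_ACTIVE):
        print(evaluate_introspection(sample, {"monitoring:admin"}, "ws-example"))
```

Treat a network error or non-200 reply from the introspection endpoint the same way as an inactive token, so the proxy never forwards a request it could not verify.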

Security Best Practices

Protect your monitoring stack by following industry-standard authentication hygiene. UptimePulse enforces rate limiting, anomaly detection, and mandatory MFA on all credential-issuing accounts.

Implement IP allowlisting for production keys, monitor the security_audit webhook for unexpected scope changes, and regularly review the active sessions dashboard. Disable unused keys immediately to reduce attack surface. All authentication requests are logged with ISO 8601 timestamps and forwarded to your SIEM via CloudWatch or Datadog integrations.

If a key is compromised, revoke it instantly through the console or via the DELETE /v1/auth/keys/{id} endpoint. UptimePulse automatically invalidates dependent refresh tokens, halts active check execution tied to that credential, and triggers a P1 alert to your designated Slack or Teams channel.