API Keys
API keys grant programmatic access to the PingSLA REST API. Each key is tied to your workspace and inherits the permissions of the workspace owner.
Creating an API Key
- Go to Settings → API Keys
- Click Generate New Key
- Give the key a descriptive name (e.g.,
CI Pipeline — GitHub Actions) - Click Generate
- Copy the key immediately — it will not be shown again
psk_live_4a7f2c1e8b3d9e6f0a5c2b7d1e4f8a3c
The full API key is only displayed once at creation time. Store it in your secrets manager immediately.
Key Scopes
All API keys currently have full workspace access. Per-key scope restrictions (read-only, specific resource types) are available on the Enterprise plan.
| Scope | Access |
|---|---|
| Full Access | Read + Write all workspace resources |
| Read Only (Enterprise) | GET endpoints only |
| Monitors Only (Enterprise) | Monitor CRUD only |
Using an API Key
Include the key as a Bearer token in every API request:
curl https://api.pingsla.com/v1/monitors \
-H "Authorization: Bearer psk_live_your_key_here"
In code:
const response = await fetch('https://api.pingsla.com/v1/monitors', {
headers: {
'Authorization': `Bearer ${process.env.PINGSLA_API_KEY}`,
'Content-Type': 'application/json',
},
});
Revoking an API Key
- Go to Settings → API Keys
- Find the key to revoke
- Click the Revoke button
- Confirm revocation
Revoked keys are immediately invalidated — all in-flight requests using that key will receive a 401 response.
Key Rotation Strategy
For production integrations, rotate API keys on a regular schedule:
- Generate a new key
- Update all consumers (CI/CD secrets, environment variables)
- Verify the new key works in staging
- Revoke the old key
Environment Variables
Store keys using your platform's secrets mechanism:
# .env (never commit this file)
PINGSLA_API_KEY=psk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# GitHub Actions
# Settings → Secrets → Actions → New repository secret
# Name: PINGSLA_API_KEY
# Docker / Docker Compose
environment:
PINGSLA_API_KEY: "${PINGSLA_API_KEY}"
Rate Limits
API key requests are subject to the same rate limits as dashboard traffic:
| Plan | Requests / minute |
|---|---|
| Starter | 60 |
| Growth | 300 |
| Business | 1,000 |
| Enterprise | Custom |
Rate limit headers are returned on every response:
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 287
X-RateLimit-Reset: 1716042000