Overview
Warrn API keys provide secure, organization-level access for automation, CI/CD pipelines, and third-party integrations. Each API key is scoped to your organization and can be configured with specific permissions and security restrictions.
Creating an API Key
Step 1: Navigate to API Keys
- Sign in to your Warrn dashboard
- Go to Settings → API Keys
- Click Create API Key
Step 2: Configure Your API Key
Basic Information
- API Key Name: Give your key a descriptive name (e.g., “Production Automation”, “CI/CD Pipeline”)
- Key Type: Currently supports organization level keys (service-level keys coming soon)
Permission Levels
Choose the appropriate permission level for your use case:
- Read: View organization data (alerts, services, teams)
- Write: Read permissions + create/update resources (recommended for automation)
- Admin: Write permissions + manage API keys and organization settings
Security Settings
- Expiration Date (Optional): Set an expiration date for automatic key rotation
- IP Restrictions (Optional): Limit access to specific IP addresses or ranges
  - Enter one IP per line: 192.168.1.100
  - Use CIDR notation for ranges: 192.168.1.0/24
  - Leave empty to allow access from any IP
Step 3: Secure Your Key
After clicking Create API Key:
- Copy the key immediately - it will look like warrn_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdef
- Store it securely in your password manager or environment variables
- Click Done - the key will never be displayed again
Using API Keys
Authentication Header
Include your API key in the X-API-Key header for all requests:
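An added example, not taken from Warrn's documentation: a Python helper that reads the key from an environment variable, rejects masked or malformed values, refuses non-HTTPS URLs, and sets the X-API-Key header. The variable name WARRN_API_KEY, the base URL and the /alerts path are placeholders assumed for illustration.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Assumptions (not from the Warrn docs): env var name, base URL and path.
ENV_VAR = "WARRN_API_KEY"
BASE_URL = "https://api.example.invalid"  # placeholder; use your real API base URL

class KeyConfigError(ValueError):
    """Raised before any request is sent if the key or URL is unusable or unsafe."""

def load_api_key(env=os.environ):
    """Return the key from the environment after basic sanity checks."""
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise KeyConfigError(f"{ENV_VAR} is not set")
    if "*" in key:
        # The dashboard shows keys masked (warrn_wo********); that form cannot authenticate.
        raise KeyConfigError("masked key pasted instead of the full key")
    if not key.startswith("warrn_") or len(key) == len("warrn_"):
        raise KeyConfigError("key does not start with 'warrn_' followed by a secret")
    return key

def build_request(path, key, base_url=BASE_URL):
    """Build a GET request carrying X-API-Key; refuse anything but HTTPS."""
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    if urlsplit(url).scheme != "https":
        raise KeyConfigError("refusing to send the API key over a non-HTTPS URL")
    # urllib stores the name as 'X-api-key'; HTTP header names are case-insensitive.
    return urllib.request.Request(url, headers={"X-API-Key": key})

def redact(key):
    """Log-safe form of the key, in the style of the dashboard's masked column."""
    return key[:8] + "********"

if __name__ == "__main__":
    # Constructed sample: the format example from this page, not a real credential.
    sample_env = {ENV_VAR: "warrn_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdef"}
    key = load_api_key(sample_env)
    req = build_request("/alerts", key)
    print(req.full_url, "X-API-Key:", redact(key))
```

Pass the returned request to `urllib.request.urlopen` to send it; log only the `redact()` form of the key.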
Rate Limits
All API keys have a default rate limit of 1,000 requests per hour. Rate limits are automatically managed for security and fair usage.
Managing API Keys
Viewing API Keys
The API keys table shows:
- Name & Masked Key: Descriptive name and masked version (warrn_wo********)
- Permissions: Current permission level
- Usage: Request count and last used date/IP
- Status: Active, inactive, or expired
Editing API Keys
You can update:
- ✅ API key name
- ✅ Permission level
- ✅ IP restrictions
- ✅ Expiration date
- ✅ Active/inactive status
The actual API key value cannot be changed. Create a new key if you need a different key value.
Deleting API Keys
To delete an API key:
- Click the Delete button (trash icon) next to the key
- Confirm the deletion in the dialog
- Update any applications using the deleted key
Security Best Practices
Key Storage
- Never commit API keys to version control
- Use environment variables or secure secret management
- Rotate keys regularly (set expiration dates)
- Use different keys for different environments (dev/staging/prod)
Permission Scoping
- Use the minimum required permissions for each use case
- Prefer Write over Admin permissions when possible
- Create separate keys for different applications or teams
Network Security
- Restrict IP access when possible
- Use HTTPS only for API requests
- Monitor usage patterns for anomalies
Monitoring
- Regularly review API key usage in the dashboard
- Set up alerts for suspicious activity
- Disable unused keys immediately
Troubleshooting
401 Unauthorized
403 Forbidden
Causes:
- Insufficient permissions for the requested action
- IP address not in allowed list
- Rate limit exceeded
Solutions:
- Check the key has required permissions (read/write/admin)
- Verify your IP is in the allowed list
- Wait for rate limit reset or contact support
Key Not Working
Common issues:
- Typos in the key value
- Using a masked key instead of the full key
- Key has expired
- Wrong API endpoint URL
Solutions:
- Double-check the full key value (starts with warrn_)
- Verify the key hasn’t expired
- Ensure you’re using the correct API base URL