Overview
Warrn API keys provide secure, organization-level access for automation, CI/CD pipelines, and third-party integrations. Each API key is scoped to your organization and can be configured with specific permissions and security restrictions.API keys are only displayed once during creation for security reasons. Make sure to copy and store them securely immediately after creation.
Creating an API Key
Step 1: Navigate to API Keys
- Sign in to your Warrn dashboard
- Go to Settings → API Keys
- Click Create API Key
Step 2: Configure Your API Key
Basic Information
Basic Information
API Key Name: Give your key a descriptive name (e.g., “Production Automation”, “CI/CD Pipeline”)Key Type: Currently supports
organization level keys (service-level keys coming soon)Permission Levels
Permission Levels
Choose the appropriate permission level for your use case:
- Read: View organization data (alerts, services, teams)
- Write: Read permissions + create/update resources (recommended for automation)
- Admin: Write permissions + manage API keys and organization settings
Security Settings
Security Settings
Expiration Date (Optional): Set an expiration date for automatic key rotationIP Restrictions (Optional): Limit access to specific IP addresses or ranges
- Enter one IP per line:
192.168.1.100 - Use CIDR notation for ranges:
192.168.1.0/24 - Leave empty to allow access from any IP
Step 3: Secure Your Key
After clicking Create API Key:- Copy the key immediately - it will look like
warrn_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdef - Store it securely in your password manager or environment variables
- Click Done - the key will never be displayed again
Use environment variables to store your API key:
Using API Keys
Authentication Header
Include your API key in theX-API-Key header for all requests:
Rate Limits
All API keys have a default rate limit of 1,000 requests per hour. Rate limits are automatically managed for security and fair usage.Managing API Keys
Viewing API Keys
The API keys table shows:- Name & Masked Key: Descriptive name and masked version (
warrn_wo********) - Permissions: Current permission level
- Usage: Request count and last used date/IP
- Status: Active, inactive, or expired
Editing API Keys
You can update:- ✅ API key name
- ✅ Permission level
- ✅ IP restrictions
- ✅ Expiration date
- ✅ Active/inactive status
The actual API key value cannot be changed. Create a new key if you need a different key value.
Deleting API Keys
Deleting an API key immediately revokes access. Any applications using the key will stop working instantly.
- Click the Delete button (trash icon) next to the key
- Confirm the deletion in the dialog
- Update any applications using the deleted key
Security Best Practices
Key Storage
Key Storage
- Never commit API keys to version control
- Use environment variables or secure secret management
- Rotate keys regularly (set expiration dates)
- Use different keys for different environments (dev/staging/prod)
Permission Scoping
Permission Scoping
- Use the minimum required permissions for each use case
- Prefer Write over Admin permissions when possible
- Create separate keys for different applications or teams
Network Security
Network Security
- Restrict IP access when possible
- Use HTTPS only for API requests
- Monitor usage patterns for anomalies
Monitoring
Monitoring
- Regularly review API key usage in the dashboard
- Set up alerts for suspicious activity
- Disable unused keys immediately
Troubleshooting
401 Unauthorized
401 Unauthorized
403 Forbidden
403 Forbidden
Causes:
- Insufficient permissions for the requested action
- IP address not in allowed list
- Rate limit exceeded
- Check the key has required permissions (read/write/admin)
- Verify your IP is in the allowed list
- Wait for rate limit reset or contact support
Key Not Working
Key Not Working
Common issues:
- Typos in the key value
- Using a masked key instead of the full key
- Key has expired
- Wrong API endpoint URL
- Double-check the full key value (starts with
warrn_) - Verify the key hasn’t expired
- Ensure you’re using the correct API base URL