Auth Tokens

Authentication tokens are passed using an auth header, and are used to authenticate as a user or organization account with the API. In our documentation, we have several placeholders that appear between curly braces or chevrons, such as {API_KEY} or <auth_token>, which you will need to replace with one of your authentication tokens in order to use the API call effectively.

For example, when the documentation says:

curl -H 'Authorization: Bearer {TOKEN}'

If your authentication token is 1a2b3c, then the command should be:

curl -H 'Authorization: Bearer 1a2b3c'

You can create authentication tokens within Attlaz by creating an internal integration. This is also available for self-hosted Attlaz.

DSN Authentication

Some API endpoints may allow DSN-based authentication. This is generally very limited and an endpoint will describe if its supported. This works similar to Bearer token authentication, but uses your DSN (Client Key).

curl -H 'Authorization: DSN {DSN}'

API Keys


API keys are a legacy means of authenticating. They will still be supported but are disabled for new accounts. You should use authentication tokens wherever possible.

API keys are passed using HTTP Basic auth where the username is your api key, and the password is an empty value.

As an example, to get information about the project which your key is bound to, you might make a request like so:

curl -u {API_KEY}:

You must pass a value for the password, which is the reason the : is present in our example.

Need more information?

As our platform is always evolving and is full customizable, it is not possible to provide all information here. Don't hesitate to reach out to our team if you have any questions or want more information about certain topics.