Skip to content
YipYap Docs

API Keys

API keys allow you to interact with the YipYap API from scripts, CI/CD pipelines, and external integrations.

API keys management page

Setup Guide

Section titled “Setup Guide”
  1. Navigate to Settings > API Keys.
  2. Click New API Key.
  3. Enter a descriptive name that identifies the integration (e.g. “CI Pipeline”, “Terraform Provider”).
  4. Select only the scopes this key needs. Follow the principle of least privilege.
  5. Click Create.
  6. Copy the key immediately. It is displayed only once and cannot be retrieved later.
  7. Store the key in a secrets manager or environment variable. Never commit it to version control.

Creating an API Key

Section titled “Creating an API Key”
  1. Navigate to Settings > API Keys.
  2. Click New API Key.
  3. Enter a descriptive name (e.g. “CI Pipeline”, “Prometheus Integration”).
  4. Select the scopes the key needs.
  5. Click Create.

The key is displayed once. Copy it and store it securely. You cannot retrieve the key after closing the dialog.

Scopes

Section titled “Scopes”
ScopeDescription
monitorsRead, create, update, and delete monitors.
alertsRead, acknowledge, and resolve alerts.
escalation_policiesManage escalation policies.
notification_channelsManage notification channels.
maintenance_windowsManage maintenance windows.

Assign the minimum scopes required for each integration. This follows the principle of least privilege.

Using the API Key

Section titled “Using the API Key”

Include the key in the Authorization header of your API requests:

Terminal window
curl -H "Authorization: Bearer yy_live_abc123..." \
  https://console.yipyap.run/api/v1/monitors

Key Management

Section titled “Key Management”
  • Rotate: Create a new key, update your integrations, then delete the old key.
  • Revoke: Click the delete button next to any key to revoke it immediately. All requests using that key will fail.
  • Audit: The API Keys page shows when each key was last used.

Rate Limits

Section titled “Rate Limits”

API requests are rate-limited to 300 requests per minute per key. If you exceed this limit, the API returns 429 Too Many Requests. Implement exponential backoff in your client to handle rate limits gracefully.

Security

Section titled “Security”
  • Never commit API keys to version control.
  • Use environment variables or a secrets manager to store keys.
  • Rotate keys periodically and after any suspected compromise.