
Authentication

Keymate uses API keys to authenticate requests. This guide explains how to manage and use your API keys securely.

API Keys

Getting an API Key

  1. Log in to your Keymate account
  2. Navigate to Settings > API Keys
  3. Click "Generate New Key"
  4. Copy the key immediately (it won't be shown again)

Using API Keys

Include your API key in the request header:

Authorization: Bearer your_api_key

Example using curl:

curl -X POST https://api.keymate.ai/v1/scan \
-H "Authorization: Bearer your_api_key" \
-H "Content-Type: application/json" \
-d '{"repository": "my-repo"}'

Security Best Practices

  1. Never commit API keys to version control
    • Use environment variables
    • Use secret management services
    • Use configuration files (not in version control)
  2. Rotate keys regularly
    • Generate new keys every 90 days
    • Revoke old keys after rotation
  3. Use key scoping
    • Create keys with minimal required permissions
    • Use different keys for different environments
  4. Monitor key usage
    • Regularly check key usage logs
    • Set up alerts for suspicious activity
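
The scan request from the curl example above, rewritten as an added example (not part of the Keymate documentation) so that the key comes from an environment variable and reaches curl on stdin through `--config -`, which keeps it out of the script, shell history and the process list. The variable name `KEYMATE_API_KEY`, the function names and the accepted repository-name characters are assumptions.

```shell
#!/bin/sh
# Added example. KEYMATE_API_KEY is an assumed variable name; load it from
# your secret manager or an untracked env file before calling keymate_scan.

# Print a curl config line carrying the Authorization header.
# Fails if the key is unset or contains characters outside the RFC 6750
# bearer-token set, so a quote or newline cannot inject extra directives.
keymate_curl_config() {
    if [ -z "${KEYMATE_API_KEY:-}" ]; then
        echo "KEYMATE_API_KEY is not set" >&2
        return 1
    fi
    case "$KEYMATE_API_KEY" in
        *[!A-Za-z0-9._~+/=-]*)
            echo "KEYMATE_API_KEY contains unexpected characters" >&2
            return 1 ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$KEYMATE_API_KEY"
}

# POST a scan request for repository "$1".
keymate_scan() {
    repo=$1
    # Assumed repository-name character set; keeps the JSON body well-formed.
    case "$repo" in
        ''|*[!A-Za-z0-9._/-]*)
            echo "invalid repository name" >&2
            return 1 ;;
    esac
    cfg=$(keymate_curl_config) || return 1
    # The header is read from stdin, so the key never appears in curl's argv.
    printf '%s\n' "$cfg" | curl --silent --show-error --fail \
        --config - \
        -X POST https://api.keymate.ai/v1/scan \
        -H "Content-Type: application/json" \
        -d "{\"repository\": \"$repo\"}"
}
```

Source the file and run `keymate_scan my-repo`; the call stops before any network traffic if the key is missing or malformed.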

Key Management

Creating Scoped Keys

# Create a key with read-only access
keymate key create --scope read

# Create a key with specific permissions
keymate key create --scope scan,monitor

Revoking Keys

# Revoke a specific key
keymate key revoke key_id

# Revoke all keys
keymate key revoke-all

Next Steps