Monitor Authentication
APIContext's authentication manager lets you define reusable authentication settings that any monitor in your project can use. Configure it once, attach it to as many monitors as you need, and APIContext handles token refresh automatically.
Configuring Monitor Authentication requires the EDITOR role or higher. See Access Roles for the full permission matrix.
APIContext currently ships two authentication interfaces that coexist: the classic Auth Settings UI (the default) and a beta UI gated behind the feature_new_auth feature flag. Unless that flag is enabled for your account, you will see the classic UI, so screenshots and captures in this section reflect the classic default.
How it works
Authentication in APIContext has two layers:
| Layer | What it is | Where you manage it |
|---|---|---|
| Auth Setting | The credential configuration (OAuth app, API key, certificate) | CONFIGURE MONITORING → Auth Settings |
| Token | The active credential derived from the setting (access token, key value) | Managed under the Auth Setting |
When you attach an Auth Setting to a monitor, APIContext automatically injects the active token — and refreshes it when it expires.
Supported authentication types
API Key
Pass a static key in a header or query parameter. Use this for services that issue long-lived API keys.
→ Setting up API key authentication
OAuth 2 (Authorization Code, Client Credentials, Device Code)
APIContext handles the OAuth flow — including token refresh — without any code. Configure the OAuth app details (Client ID, Secret, token URL, scopes) and APIContext keeps the token current.
→ Fundamentals of OAuth in APIContext → Example OAuth setup → Device Code authorization flow
Fixed Bearer Token
Provide a static Bearer token. APIContext passes it as Authorization: Bearer <token> on every request. No refresh; rotate manually.
Custom authentication (Manual)
For non-standard flows, use Manual Authentication to specify exact headers and parameters per token, save extracted values as variables, and use EXPIRES_IN to drive refresh.
Mutual TLS (mTLS)
Attach a client certificate to an Auth Setting to authenticate at the TLS layer. Upload your certificate under Certificates first.
→ Handling Mutual TLS → Upload a signing certificate
Authentication in workflows
To use a token obtained in one monitor as input to subsequent monitors, use a workflow. The sequence is:
- A monitor POSTs to the token endpoint and captures the token via Conditions.
- The captured value is saved as a variable into the Auth Token.
- Downstream monitors in the workflow use that variable.
→ Authentication in a workflow
The basics
New to authentication settings? Start here:
→ The Basics — auth settings and tokens
See also
- Access Roles — who can create and edit Auth Settings
- Set conditions on a monitor — extract values for use as variables