API Access

Overview

DriftSensor provides a REST API for programmatic access to your monitoring data. API access is available on the Professional and MSP plans.

Authentication

All API requests are authenticated with an API key sent in the X-API-Key header:

cURL:

curl -X GET "https://api.driftsensor.com/api/v1/domains" \
  -H "X-API-Key: ds_live_your_key_here"

Python:

import requests

response = requests.get(
    "https://api.driftsensor.com/api/v1/domains",
    headers={"X-API-Key": "ds_live_your_key_here"}
)
domains = response.json()

JavaScript:

const response = await fetch("https://api.driftsensor.com/api/v1/domains", {
  headers: { "X-API-Key": "ds_live_your_key_here" }
});
const domains = await response.json();

API keys are scoped to your organization and can only access your own data.

Managing API Keys

Navigate to Settings → API Keys in the dashboard.

Creating a Key

1. Click Create API Key.
2. Fill in:

3. Click Create.

Keys follow the format ds_live_ followed by a 32-character random token. Only the first 12 characters (the prefix) are shown in the dashboard for identification.

Key Limits

You can have up to 5 API keys per account. All keys share your account's rate limits.

Key Table

Your existing keys are shown with:

• Name - Your label
• Key - The prefix only (e.g., ds_live_aBcD...)
• Permissions - Read, Write, Delete badges
• Usage - Total requests, daily limit, and last used timestamp
• Status - Active, Expired, or Revoked (with expiry date if applicable)
• Created - When the key was created

Rotating a Key

Click Rotate to generate a new key while keeping the old one active for a 24-hour grace period. This lets you update your applications without downtime.

1. The new key is created and shown (copy it immediately).
2. The old key continues working for 24 hours.
3. After 24 hours, the old key is automatically deactivated.

Revoking a Key

Click Revoke to immediately and permanently deactivate a key. Applications using this key will stop working instantly. This action cannot be undone.

Rate Limits

Rate limits are enforced at three levels:

All keys on your account share the hourly and daily limits. When you exceed a rate limit, the API returns HTTP 429 (Too Many Requests) with a descriptive error message.

Only successful requests (HTTP status < 400) count toward your limits.

Account Usage Summary

The API Keys page shows your usage overview:

• Total Requests - Lifetime count across all keys
• Active Keys - Current key count out of 5 maximum
• Account Daily Limit - Your plan's daily request allowance

Available Endpoints

List Domains

GET /api/v1/domains

Returns your monitored domains with pagination, search, and filtering support.

Query Parameters:

Example:

curl -X GET "https://api.driftsensor.com/api/v1/domains?limit=10&status=active" \
  -H "X-API-Key: ds_live_your_key_here"

Key Lifecycle

1. Create - Generate a new key, copy the full key immediately.
2. Use - Send requests with X-API-Key header, usage is tracked.
3. Rotate - Seamlessly replace a key with a 24-hour grace period for the old one.
4. Revoke - Immediately deactivate a key. Permanent and irreversible.
5. Expire - Keys with an expiration date are automatically deactivated when they expire.

Access Restrictions

• Read Only users can view API keys but cannot create, rotate, or revoke them.
• MSP sub-customers cannot access the API directly - API access is managed by the MSP administrator.
• Free and Standard plans see an upgrade prompt instead of the API keys interface.