Security
API keys
| Prefix | Usage |
|---|---|
f0_live_* | Production API keys |
Scopes
| Scope | Permissions |
|---|---|
read | List, verify, export, stream |
write | Ingest events (POST /v1/events*) |
403 forbidden.
Authentication surfaces
| Surface | Auth mechanism |
|---|---|
| Audit ingest | Bearer API key (write) |
| Audit reads | API key or dashboard JWT (DualAuth) |
| SSE stream | API key or single-use SSE ticket |
| Share links | Share bearer token |
Dashboard /v1/me/* | Better Auth JWT |
Telemetry /api/v1/* | Bearer API key (write for ingest; read for queries) |
Key rotation
- Create a new key in Settings → API Keys
- Deploy the new key to your agents
- Revoke the old key - revoked keys return
401immediately
Share links
Read-only public share links allow secure access to a specific subset of audit events. The generated link URL embeds a secure one-time secret token (e.g.,shr_ULID_SECRET) which authorizes the auditor’s browser to fetch the compliant views. Access can be revoked at any time from the dashboard.