API & Integrations

API Keys & Authentication

Authenticate with the PingBase API using scoped API keys with SHA-256 hashing, rate limiting, and optional expiration.

Creating an API Key

Navigate to Dashboard → Settings → API Keys and click Create API Key. You'll need to provide:

Name— A descriptive name (e.g., "CI/CD Pipeline", "Monitoring Integration").

Scopes— Permissions the key grants: read:status, write:incidents, write:components, etc.

Rate Limit— Maximum requests per minute (default: 1000).

Expiration— Optional. The key will stop working after this date.

Important: The full API key is only shown once when created. Copy it immediately and store it securely. PingBase stores only a SHA-256 hash of the key.

Using API Keys

Include your API key in the Authorization header as a Bearer token:

curl -X GET https://pingbase.online/api/v1/status/your-slug \

-H "Authorization: Bearer pk_live_abc123..."

Available Scopes

Scope	Description
read:status	Read status page data, components, and incidents
write:incidents	Create and update incidents
write:components	Update component statuses
write:maintenance	Create and manage scheduled maintenance
manage:monitors	Create, update, and delete monitors
manage:webhooks	Configure webhook endpoints
read:analytics	Access analytics and metrics data

Rate Limiting

API requests are rate-limited per key. The default limit is 1000 requests per minute. When you exceed the limit, the API returns a 429 Too Many Requests response with a Retry-After header.

Public endpoints (no authentication required) are limited to 100 requests per minute per IP address.

Security Best Practices

Never commit API keys to version control. Use environment variables.
Use the minimum required scopes for each key.
Set expiration dates for keys used in temporary integrations.
Rotate keys regularly and revoke unused keys.
Monitor the "Last Used" timestamp to identify stale keys.

← Check Intervals & Thresholds

REST API Reference