Skip to main content
The DevTune API uses API keys for authentication. Each key is scoped to a single project and must be included in the Authorization header of every request.

Creating an API Key

  1. Navigate to your team’s Settings page
  2. Click API Keys in the sidebar
  3. Click Create API Key
  4. Enter a name for the key (e.g., “CI/CD Pipeline” or “BI Dashboard”)
  5. Select the project the key should access
  6. Click Create API Key
After creation, the full key is displayed once. Copy it immediately and store it securely. You will not be able to view the full key again.

Key Format

API keys follow this format: 
dtk_live_<64 hex characters>
For example: dtk_live_a1b2c3d4e5f6... Only the first few characters (dtk_live_a1b2...) are stored as a prefix for identification in the dashboard.

Using Your API Key

Include the key in the Authorization header with the Bearer prefix: 
curl -H "Authorization: Bearer dtk_live_your_key_here" \
  "https://devtune.ai/api/v2/projects/YOUR_PROJECT_ID/visibility/summary"

Example with JavaScript

const response = await fetch(
  'https://devtune.ai/api/v2/projects/YOUR_PROJECT_ID/visibility/summary',
  {
    headers: {
      Authorization: 'Bearer dtk_live_your_key_here',
    },
  },
);

const { data, meta } = await response.json();

Example with Python

import requests

response = requests.get(
    "https://devtune.ai/api/v2/projects/YOUR_PROJECT_ID/visibility/summary",
    headers={"Authorization": "Bearer dtk_live_your_key_here"}
)

result = response.json()
print(result["data"])

Key Security

  • Keys are hashed with SHA-256 before storage. DevTune never stores the raw key.
  • Each key is scoped to exactly one project. It cannot access data from other projects.
  • Requests with an invalid, expired, or revoked key receive a generic 401 Unauthorized response.

CORS Support

The API supports Cross-Origin Resource Sharing (CORS) for browser-based integrations. Requests from any origin are accepted when a valid API key is provided.

Revoking a Key

To revoke an API key:
  1. Go to Settings > API Keys
  2. Find the key in the list
  3. Click the revoke button (trash icon)
  4. Confirm the revocation
Revoked keys stop working immediately. This action cannot be undone.

Who Can Manage API Keys

Only team members with the settings.manage permission can create or revoke API keys. This typically includes team owners and admins.