Authentication, Scopes, Rate-Limiting

Authentication

The REST API uses API-token based authentication. As an admin of your Tideways organization you can create API Tokens that have access to the single organization they are created on. Tokens are not connected to other organizations of the user.You can generate API tokens from the "Organizations" and then "API Access" settings menu that is reachable from the dropdown menu in the top right. In the api access settings screen click on "Generate API Token" to find a form that asks for a description of the purpose the token is used for your own reference and what scopes the token should have (see below for explanation)

Important: After generating, the API token is only showed to you once. You should copy it to a password manager or password vault mechanism within your company for future access.

Once you have an API token, you must send it as a HTTP Header with every request to the API:

Authorization: Bearer YourTokenHere

If you are using cURL for example on the commandline, you can do this the following way:

curl -H "Authorization: Bearer YourTokenHere" https://app.tideways.io/apps/api/{organization}/{application}/errors

Scopes

Every token can be assigned one ore several access scopes that limit the access to a subset of the API:

  • Metrics Scoped tokens can access performance, errors and history API.
  • Traces Scoped tokens can access trace data API.
  • Errors Scoped token can access error/exception data API.
  • Deployment Automation scoped tokens can access the deployment API.

Rate-Limiting

We are rate-limiting the access to the Tideways API, because several of the methods can be computationally heavy. After the limit is reached a HTTP 429 error is thrown until the hour is passed.

The rate limit depends on the license of the application:

License Number of API Requests per Hour
Pro 2500
Standard 1000
Basic 250
Other Licenses 100

Whenever you make a request to the Tideways API, the server will return the rate limit and the current remaining requests for the hour as HTTP headers in the response:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 989
X-RateLimit-Reset: 1526295600

Resources and Endpoints

Every resource in the REST API has its own documentation page:

  • The Performance Metrics API allows access to current performance of applications, services, environments and transactions summarized by time or other dimensions.
  • The Errors API allows access to recent error data.
  • The History API allows access to the aggregated daily, weekly, monthly history of application performance.

Still need help? Write [email protected]com Write [email protected]