Authentication, Scopes, Rate-Limiting

Authentication

The REST API uses API token-based authentication. As an admin of your Tideways organization, you can create API tokens that have access to the single organization they are created on. Tokens are not connected to other organizations of the user.

You can generate API tokens from the "Organizations" and then "API Access" settings menu, that is reachable from the dropdown menu in the top right. In the API access settings screen, click on "Generate API Token" to view the form that asks for a description of the purpose the token is used for your own reference and what scopes the token should have (see below for an explanation)

image
After generating, the API token is only showed to you once. You should copy it to a password manager or password vault mechanism within your company for future access.

Once you have an API token, you must send it as an HTTP Header with every request to the API, for example:

Authorization: Bearer YourTokenHere

If you are using cURL, for example on the command line, you can do this the following way:

curl -H "Authorization: Bearer YourTokenHere" https://app.tideways.io/apps/api/{organization}/{application}/errors

Scopes

: Every token can be assigned one ore several access scopes that limit the access to a subset of the API:

Metrics

Scoped tokens can access performance, errors and history API.

Traces

Scoped tokens can access trace data API.

Errors

Scoped token can access error/exception data API.

Deployment

Automation scoped tokens can access the deployment API.

Rate-Limiting

We rate-limit access to the Tideways API, because several of the methods can be computationally intensive. After the limit is reached, an HTTP 429 error is thrown, until the hour is passed.

The rate limit depends on the license of the application.

License

Number of API Requests per Hour

Pro

2500

Standard

1000

Basic

250

Other Licenses

100

Whenever you make a request to the Tideways API, the server will return the rate limit and the current remaining requests for the hour as HTTP headers in the response. For example:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 989
X-RateLimit-Reset: 1526295600

Resources and Endpoints

Every resource in the REST API has its own documentation page:

  • The Performance Metrics API allows access to current performance of applications, services, environments and transactions summarized by time or other dimensions.

  • The Errors API allows access to recent error data.

  • The History API allows access to the aggregated daily, weekly, monthly history of application performance.

Still need help? Email [email protected]