Skip to main content

API keys

All DevHelm API requests require a Bearer token in the Authorization header. API keys use the dh_live_ prefix and are scoped to your organization. 
Authorization: Bearer dh_live_xxxxxxxxxxxxxxxx

Creating an API key

  1. Open the DevHelm Dashboard
  2. Navigate to Settings → API Keys
  3. Click Create API Key and give it a descriptive name
  4. Copy the key immediately — it won’t be shown again

Required headers

Every REST API request needs two headers:
HeaderDescriptionExample
AuthorizationBearer token with your API keyBearer dh_live_abc123...
x-phelm-org-idYour organization ID1
curl https://api.devhelm.io/api/v1/monitors \
  -H "Authorization: Bearer $DEVHELM_API_TOKEN" \
  -H "x-phelm-org-id: 1"
The CLI and SDKs handle the organization header automatically when you configure them. You only need to pass it when calling the REST API directly.

Per-surface setup

CLI

The CLI resolves your API token from (in order of priority):
  1. --api-token flag
  2. DEVHELM_API_TOKEN environment variable
  3. Saved context in ~/.devhelm/contexts.json (set via devhelm auth login)
# Option A: environment variable
export DEVHELM_API_TOKEN=dh_live_xxxxxxxx
devhelm monitors list

# Option B: saved context
devhelm auth login
See CLI Authentication for details on contexts and interactive login.

TypeScript SDK

import { DevHelm } from "@devhelm/sdk";

const client = new DevHelm({
  apiToken: process.env.DEVHELM_API_TOKEN,
});
See TypeScript SDK quickstart for full setup.

Python SDK

import os
from devhelm import DevHelm

client = DevHelm(api_token=os.environ["DEVHELM_API_TOKEN"])
See Python SDK quickstart for full setup.

Terraform Provider

provider "devhelm" {
  api_token = var.devhelm_api_token  # or DEVHELM_API_TOKEN env var
}
See Terraform provider overview for full setup.

GitHub Action

- uses: devhelmhq/setup-devhelm@v1
  with:
    api-token: ${{ secrets.DEVHELM_API_TOKEN }}
See GitHub Actions integration for workflow examples.

MCP Server

{
  "mcpServers": {
    "devhelm": {
      "command": "npx",
      "args": ["-y", "@devhelm/mcp-server"],
      "env": {
        "DEVHELM_API_TOKEN": "dh_live_xxxxxxxx"
      }
    }
  }
}
See MCP server configuration for transport modes and advanced setup.

Security best practices

Store API keys in your CI/CD secrets manager or .env files that are gitignored. Never commit tokens to version control.
Create a new API key, update your environment, then revoke the old one. This can be done with zero downtime.
Create dedicated API keys for each environment. This makes it easier to audit usage and revoke keys if compromised.
Create dedicated API keys for production and staging. This makes it easier to audit usage and revoke keys if one is compromised.

Error responses

StatusMeaningCommon cause
401 UnauthorizedMissing, invalid, or revoked API keyCheck that your token starts with dh_live_ and hasn’t been revoked
403 ForbiddenValid key but insufficient permissionsThe key doesn’t have access to the requested organization
{
  "status": 401,
  "message": "Invalid or revoked API key",
  "timestamp": 1712956800000
}

Next steps

API keys management

Create, rotate, and scope API keys.

Quickstart

Create your first monitor in under 5 minutes.