Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.devhelm.io/llms.txt

Use this file to discover all available pages before exploring further.

By the end of this guide, you’ll have an HTTP monitor securely checking an endpoint that requires authentication, with credentials stored in the DevHelm vault.
  • DevHelm CLI installed or an API token
  • An API endpoint that requires authentication
  • Credentials for that endpoint (API key, bearer token, or basic auth)

Supported auth types

DevHelm supports four authentication methods for HTTP monitors:
TypeDescriptionHeader format
bearerBearer tokenAuthorization: Bearer <token>
basicUsername + passwordAuthorization: Basic <base64>
api_keyAPI key in a query parameter or headerConfigurable
headerCustom header with a static valueAny header name

Store credentials in the vault

Never put credentials directly in your config files. Store them in the DevHelm vault: 
devhelm secrets set API_BEARER_TOKEN=your-secret-token
For YAML-based config, reference vault secrets by name from the secrets: section. For CLI-created monitors, use the --vault-secret-id flag with the vault secret’s UUID.

Create an authenticated monitor

Bearer token

secrets:
  - key: API_BEARER_TOKEN
    value: ${API_BEARER_TOKEN}

monitors:
  - name: Private API Health
    type: HTTP
    config:
      url: https://api.example.com/private/health
      method: GET
    auth:
      type: bearer
      secret: API_BEARER_TOKEN
    frequencySeconds: 60
    regions:
      - us-east

Basic auth

secrets:
  - key: ADMIN_BASIC_AUTH
    value: ${ADMIN_BASIC_AUTH}  # Set to "username:password"

monitors:
  - name: Admin Panel
    type: HTTP
    config:
      url: https://admin.example.com/health
    auth:
      type: basic
      secret: ADMIN_BASIC_AUTH
    frequencySeconds: 300
    regions:
      - us-east

API key

secrets:
  - key: VENDOR_API_KEY
    value: ${VENDOR_API_KEY}

monitors:
  - name: Third-Party API
    type: HTTP
    config:
      url: https://api.vendor.com/v1/status
    auth:
      type: api_key
      headerName: x-api-key
      secret: VENDOR_API_KEY
    frequencySeconds: 300
    regions:
      - us-east

Custom header

secrets:
  - key: INTERNAL_TOKEN
    value: ${INTERNAL_TOKEN}

monitors:
  - name: Internal Service
    type: HTTP
    config:
      url: https://internal.example.com/health
    auth:
      type: header
      headerName: X-Internal-Token
      secret: INTERNAL_TOKEN
    frequencySeconds: 60
    regions:
      - us-east

Custom headers (alternative)

For simple cases, you can also pass headers directly in the HTTP config: 
monitors:
  - name: API with Custom Header
    type: HTTP
    config:
      url: https://api.example.com/status
      customHeaders:
        X-Custom-Auth: ${CUSTOM_AUTH_TOKEN}
    frequencySeconds: 60
    regions:
      - us-east
The auth configuration is preferred over customHeaders for credentials because vault secrets are encrypted at rest and never logged.

Troubleshooting

Verify the vault secret value is correct: devhelm secrets list shows secret names but not values. Recreate the secret if in doubt.
The credentials are valid but lack permission. Check that the API key or token has read access to the health endpoint.
Some APIs restrict access by IP. Ensure DevHelm probe IPs are allowlisted. Contact support for the current probe IP ranges.

Next steps

HTTP monitor reference

Full HTTP configuration and auth details.

Monitors guide

Configure all monitor types with code examples.

Monitoring as Code

Manage authenticated monitors in YAML.