Skip to main content

API Keys

All API requests require authentication using an API key. Include your key in the X-API-Key header: 
curl "https://kodostatus.com/api/v1/incidents" \
  -H "X-API-Key: your_api_key_here"

Getting Your API Key

  1. Log in to your Dashboard
  2. Navigate to Settings > API
  3. Click Generate API Key
  4. Copy and securely store your key
API keys grant full access to your organization. Keep them secret and never commit them to version control.

Environment Variables

We recommend storing your API key in environment variables: 
# .env
KODO_API_KEY="your_api_key_here"

Rate Limits

EndpointLimit
Standard endpoints1,000 requests/minute
Heartbeat endpoint10,000 requests/minute
Beacon endpointNo limit
Rate limit headers are included in all responses: 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1704844800

Public Endpoints

Some endpoints don’t require authentication:
  • POST /heartbeat/:monitorId - Send heartbeat pings
  • GET /heartbeat/:monitorId - Check heartbeat status
  • POST /beacon - Report client-side events (requires beacon key)
  • POST /metrics/ingest - Push metrics (API key in body)
These endpoints use alternative authentication methods like monitor IDs or beacon public keys.