❗️

Keep your API Key Secure!

Your API key holds a high level of access with the capability to execute actions as an administrator. This means if this key is compromised, it could result in the exposure of highly sensitive data and/or potential unauthorized modifications.

Treat this key as you would your most sensitive passwords:

  • Never share it over insecure communication channels.
  • Avoid storing it in plain text.
  • Only share the key on a need-to-know basis, and only with trusted individuals.

If you believe your API key has been compromised, it can be deleted from the company admin page if you have the company IT administrator role in Graphite. More information on this process can be found here.

If you do not have permission to delete API keys, and cannot get in touch with one of your company IT administrators, please reach out to [email protected] immediately.

OAUTH 2.0 Tokens

For security, the Graphite Public API uses a bearer token scheme with 24-hour expiration. To send requests, you will need to provide this token in an Authentication header.

Authentication: Bearer <token>

API Key Format

The Graphite-issued API key consists of 3 parts, separated by periods. The format is described below:

US1234.acdc12345678.aaaaaf8bbbbbbbb90ecccccccc4ddddd
 -^^-      -^^-                   -^^-
Graphite  Key ID               Key Secret
   ID

Generating OAUTH Tokens

OAuth 2.0 authentication follows the client credentials flow and uses the Graphite-issued API key as the client ID and client secret. You can get the OAuth 2.0 bearer token by making a request to the POST /oauth/token endpoint.

The Client ID is the Graphite ID concatenated with the Key ID, or in the example above, US1234.acdc12345678.

The Client Secret is the Key Secret, or in the example above, aaaaaf8bbbbbbbb90ecccccccc4ddddd.

Example Request:

curl --location --request POST 'https://poc.projectgraphite.com/api/oauth/token' \
  --header 'Content-Type: application/json' \
  --data-raw '{"client_id": "US1234.acdc12345678", "client_secret": "aaaaaf8bbbbbbbb90ecccccccc4ddddd", "grant_type": "client_credentials"}'
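
The same request built in Python, as an added example that is not part of Graphite's documentation: it splits the key into client ID and client secret as described above, reads the key from the environment instead of a command line or source file, and never echoes the secret in errors or logs. The environment variable name GRAPHITE_API_KEY, the function names and the alphanumeric-parts check are assumptions; the endpoint URL and JSON fields are those of the curl request above.

```python
import json
import os
import re
import urllib.request

# Endpoint taken from the page's curl example.
TOKEN_URL = "https://poc.projectgraphite.com/api/oauth/token"
# Assumption: each part is alphanumeric, as in the page's sample key.
_PART = re.compile(r"[A-Za-z0-9]+")


def split_api_key(api_key):
    """Return (client_id, client_secret) from '<Graphite ID>.<Key ID>.<Key Secret>'."""
    parts = api_key.strip().split(".")
    if len(parts) != 3 or not all(_PART.fullmatch(p) for p in parts):
        # Do not include the key in the message: exceptions end up in logs.
        raise ValueError("API key must be three dot-separated alphanumeric parts")
    graphite_id, key_id, key_secret = parts
    return f"{graphite_id}.{key_id}", key_secret


def redact(api_key):
    """Loggable form of the key: client ID kept, Key Secret replaced."""
    return split_api_key(api_key)[0] + ".<redacted>"


def build_token_request(api_key):
    """Build the POST /oauth/token request (client credentials) without sending it."""
    client_id, client_secret = split_api_key(api_key)
    body = json.dumps({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )


def fetch_token(env_var="GRAPHITE_API_KEY"):
    """Read the key from the environment (hypothetical variable name) and request a token."""
    with urllib.request.urlopen(build_token_request(os.environ[env_var]), timeout=10) as resp:
        return json.load(resp)  # response fields are not documented on this page


if __name__ == "__main__":
    sample = "US1234.acdc12345678.aaaaaf8bbbbbbbb90ecccccccc4ddddd"  # sample key from the page
    print(redact(sample))
```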