API Authentication

The Tidelift API allows you to authenticate using an API key for all endpoints. There are two different types of API keys provided by Tidelift.

  • User API keys are tied to your user within Tidelift and allow you to determine the current alignment status of repositories you can access, request new packages for your catalog, or lookup information about packages in your catalog. These keys should be kept private to individuals as they have all of the permissions that the user has within the Tidelift system.You can create and view API keys for your user in the Tidelift web interface under Settings->API Keys. (Note that user API keys require version 0.8.0 of the Tidelift CLI)
  • Repository API keys are a more tightly scoped type of API key suitable for use within your CI/CD process. These keys only allow you to begin a new scan for a repository and check the status of those scans. It is recommended that these keys are stored in the native secret storage mechanism of your CI/CD platform. You can create and view API keys for each repository in your Tidelift account by clicking the API Keys button at the top of each repository.

To make use of these API keys with the Tidelift CLI, you just need to set the environment variable TIDELIFT_API_KEY and the CLI will then use that value for all API calls.

If you are writing your own integration with the Tidelift API, you can pass the key as the Authorization header, for example:

curl -H 'Authorization: Bearer repository/{{api-key-example}}'

Still need help? Contact Us Contact Us