API Authentication

The Tidelift API allows you to authenticate using an API key for all endpoints. There are two different types of API keys provided by Tidelift.

  • User API keys are tied to your user within Tidelift and allow you to determine the current alignment status of projects you can access, request new packages for your catalog, or look up information about packages in your catalog. These keys should be kept private to individuals, as they carry all of the permissions that the user has within the Tidelift system. You can create and view API keys for your user in the Tidelift web interface under Settings->API Keys.
  • Project API keys are a more tightly-scoped type of API key suitable for use within your CI/CD process. These keys only allow you to begin a new scan for a project and check the status of those scans. It is recommended that these keys are stored in the native secret storage mechanism of your CI/CD platform. You can create and view Project API keys for each project in your Tidelift account by clicking the API Keys button at the top of each project page.

You can authorize the Tidelift CLI with your user API key by running `tidelift auth`. The `tidelift scan` command requires a Project API key. You just need to set the environment variable TIDELIFT_API_KEY to your project API key, and the CLI will then use that value for all API calls.

If you are writing your own integration with the Tidelift API, you can pass the key as the Authorization header, for example:

curl -H 'Authorization: Bearer {{api-key-example}}'
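
For your own integration in CI, one way to send that header without placing the key on curl's command line is shown below. This is an added example, not Tidelift's own code: the function names are hypothetical, the request URL is left to the caller because this page does not list endpoints, and the character check assumes the key follows the Bearer token syntax of RFC 6750.

```shell
# Added example. Only TIDELIFT_API_KEY comes from the page; the function
# names are hypothetical.

# Print a curl config line carrying the Authorization header. The key is
# read from the environment, so it never appears in curl's argument list,
# where a process listing or CI command echo could expose it.
tidelift_auth_config() {
    key=${TIDELIFT_API_KEY:-}
    if [ -z "$key" ]; then
        echo "TIDELIFT_API_KEY is not set" >&2
        return 1
    fi
    # Allow only RFC 6750 Bearer token characters. This rejects quotes and
    # newlines that could break the quoted value or add extra header lines.
    case $key in
        *[!A-Za-z0-9._~+/=-]*)
            echo "TIDELIFT_API_KEY contains unexpected characters" >&2
            return 2
            ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$key"
}

# Request a caller-supplied API URL, passing the header to curl on stdin
# through `--config -`. Fails before any request is made if the key is
# missing or malformed.
tidelift_curl() {
    url=$1
    cfg=$(tidelift_auth_config) || return
    printf '%s\n' "$cfg" |
        curl --silent --show-error --fail --config - "$url"
}
```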
