Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.esperr.com/llms.txt

Use this file to discover all available pages before exploring further.

What this page is for

Use this page when a system needs permission to send events into Esper. Typical examples:
  • Your web application.
  • Your backend API.
  • A partner integration.
  • An internal service.

What you configure for an API key

When creating a key, the console collects:
  • name: The label operators see in the dashboard.
  • trust_level: The trust level for requests signed by this key.
  • secret: The shared secret used to authenticate requests.

How this connects to the rest of the system

  • Ingest clients authenticate with API keys.
  • The Esper CLI can use the same key when api_key is configured in ~/.esper/config.yaml or passed through esper init --api-key.
  • Events are attributed to the tenant associated with the key.
Cloud OnboardingFor cloud, the API key is the main customer credential. The customer sends traffic with x-esper-api-key and waits for Esper to return the current mitigation context.
API Keys Still Need an Integration PointThe API key does not appear in requests by itself. The customer needs application code, middleware, a proxy, or a platform integration that can add the header on outbound traffic to Esper.
This means API keys remain the first operational link between tenant traffic and the policy builder.