Authentication
How to authenticate with the DeepTracer API using project-scoped API keys.
Every request to the DeepTracer ingestion API requires an API key. Keys are scoped to a single project — all data sent with that key appears under that project in your dashboard.
API key format
DeepTracer API keys follow this pattern:
dt_1a2b3c4d5e6f7a8b9c0d1e2f
- Prefix: dt_
- Body: 24 hexadecimal characters (12 random bytes)
- Total length: 27 characters
How to authenticate
Include your API key in the Authorization header as a Bearer token:
curl -X POST https://ingest.deeptracer.dev/ingest/logs \
-H "Authorization: Bearer dt_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"service": "my-app", "logs": [{"level": "info", "message": "hello"}]}'
If the key is missing or invalid, you'll get a 401 Unauthorized response:
{ "error": "Missing or invalid API key" }
Where to get your key
Open the dashboard
Go to app.deeptracer.dev and sign in.
Navigate to Settings
Click Settings in the sidebar, then open the API Keys tab.
Copy your key
Your project's API key is shown here. Click to copy it.
Each project gets one API key. If you need a new key (for example, if the old one was leaked), revoke the current key and a new one will be generated.
One key, everywhere
DeepTracer uses a single API key per project. The same key works for:
- Server-side code — Node.js, API routes, background jobs
- Browser-side code — React apps, Next.js client components
No public/secret key split. This works like a Sentry DSN — one key that identifies your project.
Environment variables
Set these in your .env.local (or your deployment platform's environment variables):
# Server-side (Node.js, API routes)
DEEPTRACER_KEY=dt_your_api_key_here
# Client-side (browser, React components)
NEXT_PUBLIC_DEEPTRACER_KEY=dt_your_api_key_here
Both variables should use the same key. The NEXT_PUBLIC_ prefix is a Next.js convention that makes the variable available in browser code.
Revoking keys
You can revoke an API key from the dashboard at any time:
- Go to Settings > API Keys
- Click Revoke next to your key
- Confirm the action
Revocation is a soft delete — the key immediately stops working, but historical data sent with that key is preserved. A new key is generated automatically for the project.
Allowed origins
For browser requests, you can restrict which domains are allowed to send data with your API key. This prevents other websites from using your key.
Configure allowed origins in your project settings:
| Setting | Behavior |
|---|---|
| Empty list (default) | All origins allowed |
| One or more domains | Only requests from those domains are accepted |
Server-to-server requests (no Origin header) are always allowed, regardless of this setting.
If a browser request comes from a blocked origin, the API returns 403 Forbidden:
{ "error": "Origin not allowed" }
Security notes
- API keys are stored as SHA-256 hashes in the database — DeepTracer never stores your raw key after initial creation
- Only the dt_ prefix is stored for display purposes
- Keys are cached for 60 seconds on the ingestion side for performance
- If you suspect a key has been compromised, revoke it immediately from the dashboard
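The request checks described under "How to authenticate" and "Allowed origins", modelled as an added JavaScript example; it is not DeepTracer's server code. The check order (401 before 403), hostname-only matching of allowed origins, the lowercase-hex key pattern, and the `headers` and `project` object shapes are assumptions.

```javascript
// Added example: a model of the documented responses, not DeepTracer's server code.
// Assumption: key bodies are lowercase hex, as in the page's sample key.
const KEY_PATTERN = /^dt_[0-9a-f]{24}$/; // "dt_" + 24 hex chars = 27 characters

// Constructed sample project. The key is the format sample from this page;
// storing allowed origins as bare hostnames is an assumption.
const SAMPLE_PROJECT = {
  key: "dt_1a2b3c4d5e6f7a8b9c0d1e2f",
  allowedOrigins: ["app.example.com"],
};

// Returns the key from "Authorization: Bearer <key>", or null if absent or malformed.
function extractKey(authorization) {
  const match = /^Bearer (\S+)$/.exec(authorization || "");
  return match && KEY_PATTERN.test(match[1]) ? match[1] : null;
}

function originAllowed(originHeader, allowedOrigins) {
  if (originHeader === undefined) return true; // server-to-server: always allowed
  if (allowedOrigins.length === 0) return true; // empty list (default): all origins
  let host;
  try {
    host = new URL(originHeader).hostname;
  } catch {
    return false; // unparseable Origin value, such as the literal "null"
  }
  return allowedOrigins.includes(host);
}

// headers: plain object with lowercase header names (hypothetical shape).
// The page says keys are stored as SHA-256 hashes; the plain comparison here
// is a simplification that keeps the model dependency-free.
function authorize(headers, project) {
  const key = extractKey(headers.authorization);
  if (key === null || key !== project.key) {
    return { ok: false, status: 401, body: { error: "Missing or invalid API key" } };
  }
  if (!originAllowed(headers.origin, project.allowedOrigins)) {
    return { ok: false, status: 403, body: { error: "Origin not allowed" } };
  }
  return { ok: true };
}
```

Because requests without an Origin header are always accepted, the allowed-origins list limits browser use of the key and does not replace revoking a compromised key.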