Docs/Integrations/API Access Keys

API Access Keys

Create and manage API access keys for programmatic access to DryRun Security.

Overview

API access keys allow you to authenticate with the DryRun API for programmatic access to DryRun Security. Use API keys to integrate DryRun Security into your CI/CD pipelines, custom tooling, or automation workflows.

Creating an API Key

Navigate to Settings > Access Keys in the sidebar at app.dryrun.security. The Access Keys page provides two sections:

  • API Keys - Create and manage API keys for your applications. Click + Generate New API Key to create a new key.
  • Your API Keys - View and manage your existing API keys. You can revoke any key at any time.
Keep your API keys secure. Treat API keys like passwords. Never share them in public repositories, client-side code, or unsecured locations. If a key is compromised, revoke it immediately from the Access Keys page.

The API key must be scoped to at least one account. One API key can be used to access more than one account. After creating the key, copy it to a safe place - it will not be shown again.

Using API Keys

Send your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer dryrunsec_**********************

Key Management

  • Rotate keys regularly - Generate a new key and revoke the old one periodically.
  • Use descriptive names - Name keys after their use case for easy identification.
  • Revoke unused keys - Delete keys that are no longer in use from the API Keys settings page.
  • Never commit keys to source control - Use environment variables or secret management tools.

Rate Limits

API keys are subject to rate limits to ensure platform stability. Current limits are displayed in the API Keys settings page. If you need higher limits, contact DryRun Security support.