Coming Soon - API authentication is currently in development. This documentation is prepared in advance for the upcoming release.

Overview

API keys will provide programmatic access to Watchman Tower. Each key will:
  • Grant account access with configurable permissions
  • Remain active until revoked
  • Be revocable at any time
  • Require secure storage

Base URL

All API requests will be made to:
https://api.watchmantower.com/public/v1

Authentication Method

API keys will be passed via the Authorization header:
GET /public/v1/sites HTTP/1.1
Host: api.watchmantower.com
Authorization: Bearer wmt_api_a1b2c3d4e5f6g7h8i9j0...
Or using the custom header:
GET /public/v1/sites HTTP/1.1
Host: api.watchmantower.com
x-api-key: wmt_api_a1b2c3d4e5f6g7h8i9j0...

Key Format

API keys will follow this format:
wmt_api_[48 alphanumeric characters]
Example:
wmt_api_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2

Generating API Keys

API keys will be generated through:
  1. Dashboard: Settings → API Keys → Generate New Key
  2. API Endpoint: Create keys programmatically (requires existing key)
Each key will have:
  • Name: Descriptive identifier (e.g., “CI/CD Pipeline”, “Production”)
  • Permissions: Read-only or full access
  • Expiration: Optional expiration date
  • IP Whitelist: Optional IP restrictions (Enterprise)

Key Permissions

Read-Only Access

Will allow:
  • List and view monitors
  • Get monitor status and metrics
  • View incidents and history
  • Access uptime data
Will not allow:
  • Creating or modifying monitors
  • Changing alert settings
  • Managing team members
  • Deleting resources

Full Access

Will allow:
  • All read operations
  • Create, update, delete monitors
  • Configure alerts and integrations
  • Manage account settings

Security Best Practices

Environment Variables

Store keys in environment variables, never in source code

Separate Keys

Use different keys for different services and environments

Minimum Permissions

Use read-only keys when write access isn’t needed

Regular Rotation

Rotate keys every 90 days or when team members change

Monitor Usage

Review key usage regularly and revoke unused keys

Never Commit

Add files that contain keys to .gitignore and use placeholder values in version control

Rate Limiting

API keys will be subject to rate limits based on your plan:
Plan   Rate Limit
Free   100 requests/hour
Solo   500 requests/hour
Team   2,000 requests/hour
Stack  10,000 requests/hour
Rate limit information will be included in response headers:
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 987
X-RateLimit-Reset: 1700583600

Error Responses

Authentication errors will return standard HTTP status codes:
Status  Code          Description
401     UNAUTHORIZED  Invalid or missing API key
403     FORBIDDEN     Insufficient permissions for operation
429     RATE_LIMITED  Rate limit exceeded
Example error response:
{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key"
  }
}
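
The following added example (not Watchman Tower's own code) shows how a client could load the key from an environment variable, keep it out of logs, and act on the documented status codes and X-RateLimit-* headers. The variable name WATCHMAN_TOWER_API_KEY, the function names, and the reading of X-RateLimit-Reset as Unix epoch seconds are assumptions.

```python
import json
import os
import time

KEY_PREFIX = "wmt_api_"  # prefix from the Key Format section
ENV_VAR = "WATCHMAN_TOWER_API_KEY"  # assumed variable name, not defined by the docs


def auth_headers(environ=os.environ):
    """Build request headers from a key held in the environment, never in source."""
    key = environ.get(ENV_VAR, "")
    if not key.startswith(KEY_PREFIX):
        raise RuntimeError(f"{ENV_VAR} is unset or does not hold a {KEY_PREFIX} key")
    return {"Authorization": f"Bearer {key}"}


def redact(headers):
    """Return a copy of the headers that is safe to write to logs."""
    secret = ("authorization", "x-api-key")
    return {k: ("[REDACTED]" if k.lower() in secret else v) for k, v in headers.items()}


def next_action(status, headers, body, now=None):
    """Map a response to (action, seconds_to_wait) using the documented codes."""
    now = time.time() if now is None else now
    try:
        code = json.loads(body)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        code = None  # success body, empty body, or not JSON
    if status == 401 or code == "UNAUTHORIZED":
        return ("stop: key invalid or revoked, do not retry", 0)
    if status == 403 or code == "FORBIDDEN":
        return ("stop: key lacks permission for this operation", 0)
    reset = int(headers.get("X-RateLimit-Reset", 0))  # assumed Unix epoch seconds
    remaining = int(headers.get("X-RateLimit-Remaining", 1))
    if status == 429 or remaining == 0:
        # Sleep until the window resets instead of hammering the API.
        return ("wait", max(0, reset - int(now)))
    return ("ok", 0)
```

Retrying a 401 or 403 only adds failed-authentication noise for the same key, so the function stops on both and waits only when the rate limit is the cause.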

Get Notified

Want to be notified when API authentication becomes available? 👉 Join the waitlist to get early access and updates.
