Generate API token
An API token is your personal key for programmatic access to ePulz.io. It comes in handy when you want to reach the service from scripts, your own tools or a CI/CD pipeline. Through the API you can create and edit monitors, download availability data or feed measurement results into your own systems. This guide shows where to generate a token, what it looks like, where to store it safely and how to revoke it.
Where to generate a token
Tokens are tied to a specific user - every team member has their own tokens with their own permissions.
- In the dashboard open the API tokens section (path
/dashboard/api-tokens). - Click + New token.
- Enter a descriptive name that helps you recognise the token (for example CI/CD pipeline or Internal dashboard).
- The token stays valid until you revoke it - it has no fixed expiry date.
- After clicking Create the full token value is shown. Copy it right away - for security reasons you will not see it again.
What the token looks like
Every token starts with the prefix epulzio_ and has more than 40 characters in total. Example (shortened):
epulzio_2bF7nQ9k4Lm8XzR0pT3vYw5sH1cJ6dE...
The prefix lets you instantly recognise the token among other strings - for example when searching through logs or scanning repositories for a leaked key.
How to use the token
The token is sent in the Authorization HTTP header in the form:
Authorization: Bearer epulzio_xxxxxxxxxxxxxxxx
Example call from the terminal:
curl -H "Authorization: Bearer epulzio_..." https://epulz.io/api/v1/monitors
Where to store the token safely
Treat the token like a password. Never put it in publicly accessible code, documentation or chat messages.
- Locally during development: in an environment variable, for example
EPULZIO_TOKENin a.envfile (which is in.gitignore). - In CI/CD: through the secrets your platform offers (GitHub Actions secrets, GitLab CI variables, Bitbucket repository variables and so on).
- On servers: through system environment variables or a secrets manager (HashiCorp Vault, AWS Secrets Manager).
How to revoke a token
- In the token list find the one you want to revoke and click Revoke.
- Revocation takes effect immediately - further calls with this token receive a
401 Unauthorizedresponse (the token is invalid). - A revoked token cannot be restored. If you need it back, generate a new one.
Go through the list of active tokens every now and then and remove the ones you no longer use. Fewer active tokens means a smaller attack surface.