Help & guides ›
Advanced monitors
› Custom HTTP headers for auth
Custom HTTP headers for auth
3 min read · Advanced monitors
Custom HTTP headers for authentication
3 min read
Some API endpoints require authentication via Bearer token, API key or HMAC signature. Custom headers enable monitoring of protected endpoints.
Configuration
In the HTTP monitor detail, the Advanced tab, Custom headers:
Authorization: Bearer plz_a1b2c3d4...
X-API-Key: sk_live_abc123
User-Agent: ePulz.io-Monitor/1.0One header per line, format Name: Value.
Common uses
- Bearer token:
Authorization: Bearer <TOKEN> - Basic auth:
Authorization: Basic dXNlcjpwYXNz(base64 of user:pass) - API Key in custom header:
X-API-Key: ... - Custom User-Agent: identification in server logs (so your dev team knows it is not an attack)
Security recommendations
- Create a dedicated read-only token - not an admin token. If the monitoring leaks, your production data does not leak with it.
- Rotate the token once every 3-6 months even when you have no suspicion
- The token is stored in the DB as plain text (because it needs to be sent on every check). Do not use production master credentials.
- Headers are shown only to the admin during editing. In logs the value is masked to the first 6 characters + "...".