Authentication

Configure API keys and environment variables safely

All Obtrace SDKs authenticate through API keys at ingest.

Required variables

OBTRACE_API_KEY
OBTRACE_TENANT_ID
OBTRACE_PROJECT_ID

Recommended additional identity fields:

OBTRACE_ENV
OBTRACE_SERVICE_VERSION
language/runtime specific app_id and service_name

Identity rule:

app_id and service_name must match the connected app in the project.
If you need a runtime-specific name such as web, configure it as an explicit alias of the canonical app, such as core.
Values outside the canonical app name and configured aliases are treated as invalid scope.

The ingest core accepts SDK traffic on:

POST /otlp/v1/logs
POST /otlp/v1/traces
POST /otlp/v1/metrics

Minimum security rules

Never expose server keys in client bundles.
Separate keys by environment and service.
Store keys only in a secret manager.
Validate ingestion after every key rotation.

Misconfiguration signals

401/403 during telemetry submission.
Partial telemetry across services.
Data reaching the wrong tenant/project.

On this page

Required variables Minimum security rules Misconfiguration signals