Authentication

Configure API keys and environment variables safely

All Obtrace SDKs authenticate through API keys at ingest.

Required variables

OBTRACE_API_KEY
OBTRACE_INGEST_BASE_URL
OBTRACE_TENANT_ID
OBTRACE_PROJECT_ID

Minimum security rules

Never expose server keys in client bundles.
Separate keys by environment and service.
Store keys only in a secret manager.
Validate ingestion after every key rotation.

Misconfiguration signals

401/403 during telemetry submission.
Partial telemetry across services.
Data reaching the wrong tenant/project.

On this page

Required variables Minimum security rules Misconfiguration signals