Authentication
Understanding authentication methods for the Mesh API.
Authentication Methods
API Key Authentication
The primary authentication method for programmatic access to the Mesh API.
Header Format:
x-api-key: {api_key}
x-group: groups/{group_ulid}
Key Characteristics:
- API keys are generated when creating API users.
- See Resource Hierarchy or IAM API User Service Reference for more information.
Group Context
All API operations require a group context header that specifies which group the operation should be performed within.
Purpose:
- Provides resource isolation between different organizations
- Enforces multi-tenancy boundaries
- Ensures users can only access resources they own
SDK Configuration
For detailed information about configuring SDK clients, including advanced features like OpenTelemetry tracing, TLS support, timeout handling, and resource management, see the SDK Configuration documentation.
Security Best Practices
API Key Management
- Store API keys securely (environment variables, secret managers)
- Never commit API keys to version control
- Rotate API keys regularly
- Use different API keys for different environments
Group Context Security
- Always validate group context matches your organization
- Don't hardcode group IDs in applications
- Use environment-specific group configurations
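The key-management and group-context practices above can be enforced in one place before any request is sent. The following is an added example, not code from the Mesh SDK or documentation: the variable names MESH_API_KEY and MESH_ALLOWED_GROUPS and both function names are hypothetical, and it assumes {group_ulid} uses the standard 26-character ULID text encoding.

```python
import os
import re

# Assumption: {group_ulid} uses the standard 26-character ULID text encoding
# (Crockford base32, first character 0-7).
_GROUP_RE = re.compile(r"groups/[0-7][0-9A-HJKMNP-TV-Z]{25}", re.IGNORECASE)


class AuthConfigError(ValueError):
    """Credentials or group context are missing, malformed or not allowed."""


def build_auth_headers(group, env=None):
    """Return the x-api-key / x-group headers for one request.

    MESH_API_KEY and MESH_ALLOWED_GROUPS are hypothetical variable names
    chosen for this example; they are not defined by the Mesh docs.
    """
    env = os.environ if env is None else env
    api_key = env.get("MESH_API_KEY", "")
    allowed = {g.strip() for g in env.get("MESH_ALLOWED_GROUPS", "").split(",") if g.strip()}

    # Reject empty keys and keys carrying whitespace or line breaks, which
    # would corrupt the header or allow header injection.
    if not api_key or re.search(r"\s", api_key):
        raise AuthConfigError("MESH_API_KEY is missing or malformed")
    if not _GROUP_RE.fullmatch(group or ""):
        raise AuthConfigError("group must have the form groups/{group_ulid}")
    # Fail closed: an empty allowlist permits nothing.
    if group not in allowed:
        raise AuthConfigError("group is not one this deployment may act in")
    return {"x-api-key": api_key, "x-group": group}


def redact(headers):
    """Copy of the headers that is safe to log: the API key is masked."""
    return {k: "***" if k.lower() == "x-api-key" else v for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample values; a real key comes from the environment or a secret manager.
    sample_env = {
        "MESH_API_KEY": "constructed-example-key",
        "MESH_ALLOWED_GROUPS": "groups/01ARZ3NDEKTSV4RRFFQ69G5FAV",
    }
    print(redact(build_auth_headers("groups/01ARZ3NDEKTSV4RRFFQ69G5FAV", sample_env)))
```

Keeping a separate allowlist per environment means a staging key paired with a production group ID is rejected locally instead of reaching the API.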
Access Control
- Follow the principle of least privilege when assigning roles
- Regularly audit API user permissions
- Deactivate unused API users promptly