Authentication Options for Monitors

Authentication Options for Monitors

If the endpoint you want to monitor requires authentication, PulseAPI needs to send credentials with each check. This article explains the supported authentication methods and how to configure them.

Option 1: Basic Authentication

Basic auth sends a username and password encoded in the Authorization header.

When to use: Endpoints protected with HTTP Basic Authentication (common in older APIs and some internal tools).

How to configure:

  1. Open the monitor form (create or edit).
  2. In the Advanced section, find Authentication.
  3. Select Basic Auth.
  4. Enter your Username and Password.
  5. Save the monitor.

PulseAPI automatically encodes the credentials and sends them as:

Authorization: Basic base64(username:password)

Option 2: Bearer Token

Bearer token sends a token in the Authorization header. This is the most common authentication method for modern APIs and JWTs.

When to use: APIs that use OAuth 2.0, JWT tokens, or any "bearer token" scheme.

How to configure:

  1. In the Authentication section, select Bearer Token.
  2. Enter the token value (without the "Bearer" prefix — PulseAPI adds it).
  3. Save the monitor.

PulseAPI sends:

Authorization: Bearer your-token-here

Option 3: API Key in a Custom Header

Some APIs use a custom header name for API key authentication (e.g., X-API-Key).

How to configure:

  1. Leave Authentication as none.
  2. In the Headers section, click Add Header.
  3. Set the Name to your API's expected header name (e.g., X-API-Key).
  4. Set the Value to your API key.
  5. Save the monitor.

See Adding Request Headers to a Monitor for detailed instructions.

Option 4: API Key in a Query Parameter

Some APIs accept the API key as a query parameter in the URL.

How to configure:

  1. Include the API key directly in the monitor URL.

Example:

https://api.yourapp.com/health?api_key=your-key-here

Security Considerations

  • Authentication credentials are stored securely and not displayed in plain text after saving
  • Use credentials with the minimum permissions needed for a health check — ideally a read-only or monitoring-specific token
  • Rotate tokens periodically; update the monitor's credentials when you rotate
  • If you're using a JWT with an expiry, make sure to update the monitor before the token expires — expired tokens cause check failures

Related Articles

Still have questions? Contact support.

    • Related Articles

    • Creating a Monitor

      This article explains how to add a new monitor (endpoint) to PulseAPI. After completing these steps, PulseAPI will begin checking the URL on your configured schedule and alert you if it goes down. Prerequisites: You must be a team Owner, Admin, or ...

    • Monitor Settings Reference

      This article describes every field in the monitor create/edit form. Use it as a reference when configuring a monitor or troubleshooting unexpected behavior. Basic Settings Name A label for the monitor. Appears in the dashboard, incident ...

    • Adding Request Headers to a Monitor

      Some endpoints require specific HTTP headers to respond correctly — for example, an Authorization header for authenticated endpoints or a Content-Type header when sending JSON. This article explains how to add custom headers to a monitor. Adding ...

    • Searching and Filtering Monitors

      When you have many monitors, the search and filter tools help you find specific ones quickly. Searching by Name or URL On the Monitors list page, a search bar appears at the top. Type any part of a monitor's name or URL. The list filters in real time ...

    • Organizing Monitors with Projects

      This article covers best practices for using projects to keep your monitor list manageable as your team scales. Best Practices for Project Organization Keep the Number of Projects Small at First Start with 2–4 projects. Having too many fine-grained ...