The recommended authentication mechanism for automation is Organization Auth Tokens.
Requests authenticated via an Organization Auth Token can only access the resources of their respective organization. Admins can create and delete Organization Auth Tokens.
Don't forget the colon (
:) in front of the token. It separates the empty
username from the password.
Requests authenticated via an User API Key can access the resources of all the organizations a user has access to (except when SSO is required). However, they are not suitable for automation, as they will break when the user is removed from the organization.
Users can create and cycle their User API Key via Project Settings → User API Key. Even though they appear there, they are not tied to a certain project.
A user can use their actual password instead of an User API Key, but this is not recommended.
Requests authenticated via Project Keys (sometimes also referred to as "Project API Keys") have very limited access to a single project. They are meant to be used by devices that send data to Memfault and in contrast to the other mechanisms listed here not considered secrets. They can also be useful during initial development to send up coredumps from a developers machine.
A Project Key is generated automatically upon project creation. Administrators can generate and cycle the API key via an API endpoint. Every project member see the project's Project Key.