Authentication

Accessing resources via the Memfault API or the Memfault CLI requires authentication. There are various mechanisms available for authentication, each with subtle differences in scope and limitations.

The recommended authentication mechanism for automation is Organization Auth Tokens.

Organization Auth Token#

Requests authenticated via an Organization Auth Token can only access the resources of their respective organization. Admins can create and delete Organization Auth Tokens.

curl -u ":$ORGANIZATION_AUTH_TOKEN" https://api.memfault.com/api/v0/organizations
note

Don't forget the colon (:) in front of the token. It separates the empty username from the password.

User API Key#

Requests authenticated via an User API Key can access the resources of all the organizations a user has access to (except when SSO is required). However, they are not suitable for automation, as they will break when the user is removed from the organization.

Users can create and cycle their User API Key via Project Settings โ†’ User API Key. Even though they appear there, they are not tied to a certain project.

curl -u "$USER_EMAIL:$USER_API_KEY" https://api.memfault.com/api/v0/organizations
note

A user can use their actual password instead of an User API Key, but this is not recommended.

Project Key#

Requests authenticated via Project Keys (sometimes also referred to as "Project API Keys") have very limited access to a single project. They are meant to be used by devices that send data to Memfault and in contrast to the other mechanisms listed here not considered secrets. They can also be useful during initial development to send up coredumps from a developers machine.

A Project Key is generated automatically upon project creation. Administrators can generate and cycle the API key via an API endpoint. Every project member see the project's Project Key.

curl --header "Memfault-Project-Key: $PROJECT_KEY" ...