API Keys - Sentry

Sentry provides several types of authentication credentials. Use the right type for your use case to follow the principle of least privilege and make token rotation easier.

Treat tokens like passwords. Never commit them to source control, include them in client-side code, or share them in chat. If a token is exposed, revoke it immediately and generate a new one.

Token types

Auth token

A personal token tied to your user account. Use for scripts, local tooling, or CI pipelines where you want actions attributed to you.

Organization auth token

A token tied to the organization, not an individual user. Use for CI/CD pipelines, automated tooling, and integrations where a specific person shouldn’t own the credential.

DSNs (Client Keys) are used only for SDK initialization — they allow your application to send events to Sentry. They are not API tokens and cannot be used to call the Sentry REST API.

Auth tokens (user tokens)

Auth tokens are scoped to your user account. Any API action performed with this token is attributed to you.

Creating an auth token

Open API token settings

Go to User Settings > API Tokens.

Create a new token

Click Create New Token.

Select scopes

Choose only the scopes your use case requires. See the scope reference below.

Copy your token

Copy the token immediately. Sentry will not show it again after you leave this page.

Organization auth tokens

Organization auth tokens are not tied to any individual user, which means they keep working when team members leave. They can optionally be scoped to a single organization.

Creating an organization auth token

Open organization auth token settings

Go to Settings > Auth Tokens.

Create a new token

Click Create New Token and give it a descriptive name (for example, ci-release-upload).

Select scopes

Choose the scopes required for your use case. Organization auth tokens use the same scope list as user auth tokens.

Copy your token

Copy the token immediately. Sentry will not show it again after you leave this page.Organization auth tokens start with the prefix sntrys_.

Scope reference

Assign the minimum set of scopes your integration needs.

Project scopes

Scope	Access
`project:read`	Read project settings, list projects
`project:write`	Modify project settings
`project:admin`	Delete projects, manage project keys
`project:releases`	Upload release artifacts and source maps
`project:distribution`	Manage release distributions

Team scopes

Scope	Access
`team:read`	List teams and team members
`team:write`	Create and modify teams
`team:admin`	Delete teams

Event scopes

Scope	Access
`event:read`	Read issues and events
`event:write`	Update issue status, add comments
`event:admin`	Delete events and issues

Organization scopes

Scope	Access
`org:read`	Read organization settings and member list
`org:write`	Modify organization settings
`org:admin`	Transfer or delete the organization
`org:integrations`	Install and configure integrations

Member scopes

Scope	Access
`member:read`	List organization members
`member:write`	Modify member settings
`member:admin`	Add and remove members
`member:invite`	Send invitations to new members

Alert scopes

Scope	Access
`alerts:read`	Read alert rules
`alerts:write`	Create and modify alert rules

Using a token in API requests

Pass your token in the Authorization header as a Bearer token on every request.

curl https://sentry.io/api/0/organizations/{organization_slug}/projects/ \
  -H "Authorization: Bearer YOUR_TOKEN"

curl
Python
Node.js

curl https://sentry.io/api/0/projects/{organization_slug}/{project_slug}/issues/ \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json"

import requests

token = "YOUR_TOKEN"
org_slug = "your-org"

response = requests.get(
    f"https://sentry.io/api/0/organizations/{org_slug}/projects/",
    headers={"Authorization": f"Bearer {token}"},
)

data = response.json()

const token = "YOUR_TOKEN";
const orgSlug = "your-org";

const response = await fetch(
  `https://sentry.io/api/0/organizations/${orgSlug}/projects/`,
  {
    headers: {
      Authorization: `Bearer ${token}`,
    },
  }
);

const data = await response.json();

Revoking tokens

Auth tokens — Go to User Settings > API Tokens, find the token, and click Revoke. Organization auth tokens — Go to Settings > Auth Tokens, find the token, and click Revoke. Revocation takes effect immediately. Any requests using a revoked token will receive a 401 Unauthorized response.

If you suspect a token has been compromised, revoke it immediately and audit recent API activity for unexpected actions before creating a replacement.

Documentation Index

​Token types

Auth token

Organization auth token

​Auth tokens (user tokens)

​Creating an auth token

​Organization auth tokens

​Creating an organization auth token

​Scope reference

​Using a token in API requests

​Revoking tokens

Token types

Auth tokens (user tokens)

Creating an auth token

Organization auth tokens

Creating an organization auth token

Scope reference

Using a token in API requests

Revoking tokens