Skip to main content
Agnost uses different authentication models for ingestion and dashboard/API access.

SDK ingestion

SDK ingestion endpoints under /api/v1/* use your organization ID in the x-org-id header. The org ID is also passed as org_id or write_key in SDKs. The org ID is a public routing identifier. It does not grant dashboard read access by itself.

Dashboard and API access

Dashboard API endpoints use one of these:
MethodHeadersUse case
JWTAuthorization: Bearer <jwt> and x-org-idBrowser/dashboard access after login
API keyx-api-key and optional x-org-idProgrammatic dashboard/API access
API keys use the agnost_<64-hex> format and are issued from Settings -> API Keys.

Common mistakes

  • Sending x-org-id without a JWT or API key to dashboard endpoints.
  • Using the wrong org ID when a user belongs to multiple organizations.
  • Forgetting the X-Agnost-Org-ID header on OpenTelemetry exporters.
  • Treating the org ID as a secret. Rotate API keys if they leak; org IDs are routing identifiers.