Authentication
GitHub OAuth flow
Section titled “GitHub OAuth flow”UptimeMonitoring uses GitHub OAuth exclusively. No email, no password.
- Visit app.uptimemonitoring.com
- Click “Sign in with GitHub”
- Authorize the UptimeMonitoring app
- You’re in — create your first API key
API key format
Section titled “API key format”All API keys use the umk_live_ prefix followed by a random string:
Authorization: Bearer umk_live_abc123def456...The prefix makes keys easy to identify in logs and secret scanners.
Multiple keys by environment
Section titled “Multiple keys by environment”Use separate keys for different environments and tools:
ci-prod— for GitHub Actions and deploy pipelineslocal-dev— for development and testingmcp-claude— for your MCP integrationmcp-cursor— for Cursor
Each account supports up to 10 API keys.
Rotation and grace window
Section titled “Rotation and grace window”When you rotate a key:
- A new key is issued immediately
- The old key remains valid for a 5-minute grace window
- After grace, the old key is permanently revoked
This prevents downtime during key rotation in automated systems.
Common auth errors
Section titled “Common auth errors”The error envelope is flat: {"error": "<message>"}. Match on the HTTP status; the message is the literal validator output.
| Status | Message | Meaning |
|---|---|---|
| 401 | missing authorization | Authorization header absent |
| 401 | invalid credentials | API key not recognised or revoked |
| 403 | account suspended; contact support | Account suspended (e.g. by the port-scan heuristic). Returned on regular /api/v1/* calls. |
| 403 | forbidden | Admin-only route hit by a non-admin caller. Opaque on purpose — does not disclose whether the route exists. |
Note: 401 responses currently carry Content-Type: text/plain even though the body is valid JSON. Parse the body as JSON regardless; this discrepancy is being fixed on the API side (see monitive/uptimemonitoring-api).