Skip to main content


The GitGuardian API uses API keys to authenticate requests.

API key creation#

Your API key can be created and revoked from the API section of your dashboard.

  1. Go to the API section of your workspace and click on Create API key.

  2. Name your key according to its use-case (for example <Service Name>-<Environment>)

  3. Choose one or several scopes for your API key.

    • scan: secrets detection capability
    • incidents
      • incidents:write: read and write incidents
      • incidents:read: read incidents
  1. Click on Create new API key

API Table

Your API key must be kept private and should neither be embedded directly in the code nor versioned in Git.

Authentication Scheme#

The GitGuardian API uses Authorization header authentication for its requests.

The Authorization header value must be prefixed with Token.

Example request using curl:

curl -H "Authorization: Token ${TOKEN}" \