Skip to content
TechWatchAlert

Authentication

The TechWatchAlert API uses API keys as Bearer tokens. No session or cookie is required — a single key is enough for all requests.

Prerequisites

Section titled “Prerequisites”

API access is restricted to the PRO plan. On BASIC and PLUS plans, /v1/ endpoints return a 403 error.

Creating an API Key

Section titled “Creating an API Key”
  1. Log in to app.techwatchalert.com
  2. Open Settings (icon in the top right)
  3. Go to the API Keys tab
  4. Click + New key and give it a descriptive name (e.g. CI GitHub, SIEM Splunk)
  5. Copy the displayed key — it will only be shown once

Keys have the format twa_ followed by 43 alphanumeric characters (~256 bits of entropy).

Using the Key

Section titled “Using the Key”

Add the Authorization header to every request:

GET /api/v1/me HTTP/1.1
Host: app.techwatchalert.com
Authorization: Bearer twa_your_key_here

Examples

Section titled “Examples”

curl

Fenêtre de terminal
curl -H "Authorization: Bearer twa_your_key_here" \
  https://app.techwatchalert.com/api/v1/me

Python (httpx)

import httpx


API_KEY = "twa_your_key_here"
BASE_URL = "https://app.techwatchalert.com/api/v1"


headers = {"Authorization": f"Bearer {API_KEY}"}


with httpx.Client(headers=headers) as client:
    me = client.get(f"{BASE_URL}/me").json()
    print(me)

JavaScript (fetch)

const API_KEY = process.env.TWA_API_KEY;
const BASE_URL = 'https://app.techwatchalert.com/api/v1';


const res = await fetch(`${BASE_URL}/me`, {
  headers: { Authorization: `Bearer ${API_KEY}` },
});
const data = await res.json();

GitHub Actions

- name: Check CVE alerts
  env:
    TWA_API_KEY: ${{ secrets.TWA_API_KEY }}
  run: |
    curl -sf \
      -H "Authorization: Bearer $TWA_API_KEY" \
      "https://app.techwatchalert.com/api/v1/projects" | jq .

Revoking a Key

Section titled “Revoking a Key”

From Settings → API Keys, click the delete icon next to the key. Revocation is immediate — any request using that key will receive a 401 error.

Limits

Section titled “Limits”
  • Maximum 10 active keys per user
  • The last_used_at timestamp is updated on every call (visible in the API Keys tab)

Authentication Errors

Section titled “Authentication Errors”
CodeDetailLikely cause
401Clé API manquante ou invalideMissing Authorization header or value doesn’t start with twa_
401Clé API invalide ou révoquéeUnknown or deactivated key
401Utilisateur introuvableAccount deleted or deactivated
403Accès API non disponible sur votre planBASIC or PLUS plan — upgrade required