Skip to main content
Argus uses two different authentication mechanisms depending on what you are doing. Dashboard operations — querying projects, issues, alerts, and usage — use session-cookie authentication established via a login request. SDK event ingest uses a DSN public key passed in a request header. Choose the right mechanism for your use case before making your first request.

Session Authentication

Most API endpoints require an active session. Establish a session by sending your credentials to the login endpoint — Argus sets a session cookie in the response. Include that cookie in every subsequent request. Log in and save the session cookie:
Use the saved cookie in subsequent calls:
  • Browsers handle cookies automatically — no extra configuration needed.
  • Programmatic clients (scripts, server-side code) must use a cookie jar (e.g. -c/-b flags in curl, a requests.Session() in Python, or equivalent) or manually copy the Set-Cookie value into a Cookie header.
  • Any session-protected endpoint returns 401 with the message "You need to be logged in!" if the cookie is missing or expired.
Argus runs behind a reverse proxy in production. Cookies are marked Secure and SameSite=Lax in that environment, so make sure your client sends requests over HTTPS.

Registration and Email Verification

New accounts require email verification via a one-time passcode (OTP) before you can log in. Step 1 — Create the account:
A 6-character alphanumeric OTP is sent to the email address you provided. The OTP expires after 10 minutes. Step 2 — Verify your email:
Step 3 — Log in: Once your email is verified, log in with POST /api/v1/auth/login as shown in Session Authentication above. Resend an expired OTP:
POST /api/v1/auth/send-otp returns 400 if the email address has already been verified. Use it only to request a fresh OTP for an unverified account.

OAuth Login

Argus supports signing in with Google and GitHub. OAuth flows are browser-based — initiate them from the dashboard login page by clicking Sign in with Google or Sign in with GitHub. After a successful OAuth callback, Argus sets the same session cookie used by password-based login, so all subsequent API calls work identically.
OAuth accounts are linked by email address. If you registered with a password and later sign in with Google using the same email, Argus creates a separate OAuth-linked account record. Use the same sign-in method consistently.

DSN Authentication

The event ingest endpoint does not use session cookies. Instead, it authenticates requests using your project’s DSN public key. Ingest endpoint:
Pass the public key in the X-Sentry-Auth request header:
Alternatively, you can pass it as a query parameter:
Find your public key in the DSN string. Your DSN looks like this:
Extract the segment between https:// and @ — that is your public key.
The DSN public key only grants permission to send events to a specific project. It cannot read issues, access project settings, or perform any other API operation. Do not confuse it with session credentials.
If you are using an Argus SDK, the SDK reads your DSN and attaches the X-Sentry-Auth header to every ingest request automatically. You only need to handle this manually when building a custom integration.

Getting the Current User

Retrieve your authenticated user profile and organization details with:
The response data object includes your user fields plus an organization object containing your org’s id, name, slug, and plan.

Logging Out

Clear your session by calling the logout endpoint:
Argus invalidates the server-side session. Discard the cookie file on your client after logging out.

Auth Endpoints Summary

MethodPathAuth RequiredDescription
POST/api/v1/auth/registerNoCreate a new account
POST/api/v1/auth/verify-otpNoVerify email with OTP
POST/api/v1/auth/send-otpNoResend a new OTP
POST/api/v1/auth/loginNoLog in and receive a session cookie
POST/api/v1/auth/logoutSessionLog out and clear the session
GET/api/v1/auth/meSessionGet current user and organization