Session Authentication
Most API endpoints require an active session. Establish a session by sending your credentials to the login endpoint — Argus sets a session cookie in the response. Include that cookie in every subsequent request. Log in and save the session cookie:- Browsers handle cookies automatically — no extra configuration needed.
- Programmatic clients (scripts, server-side code) must use a cookie jar (e.g.
-c/-bflags in curl, arequests.Session()in Python, or equivalent) or manually copy theSet-Cookievalue into aCookieheader. - Any session-protected endpoint returns
401with the message"You need to be logged in!"if the cookie is missing or expired.
Argus runs behind a reverse proxy in production. Cookies are marked
Secure and SameSite=Lax in that environment, so make sure your client sends requests over HTTPS.Registration and Email Verification
New accounts require email verification via a one-time passcode (OTP) before you can log in. Step 1 — Create the account:POST /api/v1/auth/login as shown in Session Authentication above.
Resend an expired OTP:
OAuth Login
Argus supports signing in with Google and GitHub. OAuth flows are browser-based — initiate them from the dashboard login page by clicking Sign in with Google or Sign in with GitHub. After a successful OAuth callback, Argus sets the same session cookie used by password-based login, so all subsequent API calls work identically.OAuth accounts are linked by email address. If you registered with a password and later sign in with Google using the same email, Argus creates a separate OAuth-linked account record. Use the same sign-in method consistently.
DSN Authentication
The event ingest endpoint does not use session cookies. Instead, it authenticates requests using your project’s DSN public key. Ingest endpoint:X-Sentry-Auth request header:
https:// and @ — that is your public key.
Getting the Current User
Retrieve your authenticated user profile and organization details with:data object includes your user fields plus an organization object containing your org’s id, name, slug, and plan.
Logging Out
Clear your session by calling the logout endpoint:Auth Endpoints Summary
| Method | Path | Auth Required | Description |
|---|---|---|---|
POST | /api/v1/auth/register | No | Create a new account |
POST | /api/v1/auth/verify-otp | No | Verify email with OTP |
POST | /api/v1/auth/send-otp | No | Resend a new OTP |
POST | /api/v1/auth/login | No | Log in and receive a session cookie |
POST | /api/v1/auth/logout | Session | Log out and clear the session |
GET | /api/v1/auth/me | Session | Get current user and organization |