API Keys

API keys authenticate your application’s log ingestion requests to LogClaw Cloud. Each key is scoped to a project and automatically associates incoming logs with the correct tenant.

Getting Your API Key

  1. Sign in to LogClaw Console

Go to console.logclaw.ai and sign in with your account. If you don’t have an account yet, click Sign Up to create one.

  2. Create or select a project

From the dashboard, create a new project or select an existing one. Each project has its own isolated log pipeline and API keys.

  3. Navigate to API Keys

In your project, go to Settings → API Keys.

  4. Create an API Key

Click “Create API Key”, give it a descriptive name (e.g. production-backend), and copy the key immediately. Keys start with lc_proj_ and are only shown once.
lc_proj_5a33915526cd1af8238c6e690eeff9cec2611750d9914d2dd1cc7a87cf08c717
API keys are shown only once at creation time. Store your key securely before closing the dialog.

Using Your API Key

Add the x-logclaw-api-key header to all ingestion requests:
curl -X POST https://otel.logclaw.ai/v1/logs \
  -H "Content-Type: application/json" \
  -H "x-logclaw-api-key: $LOGCLAW_API_KEY" \
  -d '{
    "resourceLogs": [{
      "resource": {
        "attributes": [
          {"key": "service.name", "value": {"stringValue": "my-api"}}
        ]
      },
      "scopeLogs": [{
        "logRecords": [{
          "timeUnixNano": "'$(date +%s)000000000'",
          "severityText": "INFO",
          "body": {"stringValue": "Hello from LogClaw!"}
        }]
      }]
    }]
  }'

Environment Variables

We recommend storing your API key in an environment variable:
export LOGCLAW_API_KEY=lc_proj_your_key_here
For OpenTelemetry SDKs, use the standard OTLP environment variables:
export OTEL_EXPORTER_OTLP_ENDPOINT=https://otel.logclaw.ai
export OTEL_EXPORTER_OTLP_HEADERS=x-logclaw-api-key=lc_proj_your_key_here
export OTEL_EXPORTER_OTLP_PROTOCOL=http/json
These environment variables work with any OpenTelemetry SDK — Python, Node.js, Go, Java, .NET, Ruby, and Rust — with zero code changes.

Tenant ID Auto-Injection

You do not need to add a tenant_id to your logs. LogClaw automatically injects the correct tenant identifier based on your API key’s project. Any tenant_id already present in the payload is stripped and replaced to prevent spoofing.
This means your application code stays clean — just send standard OTLP logs and LogClaw handles multi-tenant isolation for you.

Security Best Practices

Use environment variables

Never hardcode API keys in source code. Use environment variables or a secret manager (AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault).

Rotate regularly

Create new keys and revoke old ones periodically. You can have multiple active keys per project to enable zero-downtime rotation.

Least privilege

Create separate API keys for each environment (staging, production) and each service to limit blast radius.

Revoke compromised keys

If a key is exposed, revoke it immediately from Settings → API Keys. A new key can be created in seconds.

Revoking API Keys

  1. Go to your project in console.logclaw.ai
  2. Navigate to Settings → API Keys
  3. Find the key you want to revoke and click Revoke
  4. The key stops working immediately — any requests using it will receive a 401 Unauthorized response
Revoking a key is irreversible. Create a new key before revoking the old one if you need uninterrupted log ingestion.

Self-Hosted Deployments

If you’re running LogClaw self-hosted, API keys are not required. Logs are sent directly to the OTel Collector endpoint and access is controlled via Kubernetes NetworkPolicy. See the Quick Start for self-hosted endpoint details.