Settings
Manage API keys, audit logs, plugin configuration, and notification channels.
API Keys
Navigate to Settings → API Keys to manage programmatic access tokens.
API keys authenticate as a specific role (without user credentials) and are ideal for CI/CD pipelines and automation scripts.
Generating an API Key
- Click + Generate Key.
- Enter a Key Name (e.g.
ci-deploy,monitoring-agent). - Select a Role — the key inherits all permissions of this role.
- Optionally set an Expires At date. Leave blank for no expiry.
- Click Generate.
Important: The full key is shown only once. Copy it immediately and store it securely. You cannot retrieve it later.
The key prefix (first 8 characters) is shown in the list for identification.
Using an API Key
Pass the key as a Bearer token:
Authorization: Bearer sk_<your_api_key>
X-Tenant-ID: <your_tenant_id>Revoking an API Key
Click Revoke next to the key. The key is immediately invalidated.
Revoked keys remain in the list with status Revoked for audit purposes.
Key Columns
| Column | Description |
|---|---|
| Name | Human-readable identifier |
| Key Prefix | First 8 chars for identification |
| Role | Permissions level |
| Status | Active / Revoked |
| Expires | Expiry date or "Never" |
| Created | Creation timestamp |
Audit Log
Navigate to Settings → Audit Log to review the immutable record of all administrative actions.
Every write operation through the API is logged with:
- Time — UTC timestamp
- Actor — email of the user or API key that performed the action
- Action — verb (create, update, delete, login, etc.)
- Resource — type and ID of the affected resource
- Details — additional context (changed fields, etc.)
- IP — source IP address
Filtering
| Filter | Description |
|---|---|
| Search | Free-text across all fields |
| Action | Filter by action verb (e.g. create, delete) |
| Actor Email | Filter by who performed the action |
| From / To | Date range picker |
The audit log is append-only and cannot be modified or deleted via the UI.
Plugin Config
Navigate to Settings → Plugin Config to manage tenant-wide plugin defaults.
Plugin configuration is hierarchical:
- Platform defaults — compiled into the plugin
- Tenant defaults — set here, override platform defaults
- Group overrides — set per device group, override tenant defaults
Enabled / Disabled
Each plugin can be enabled or disabled at the tenant level. Disabled plugins are not active on any device in the tenant.
Inheriting Defaults
When a device group has no override for a specific plugin setting, it inherits the tenant default shown here. The device group plugin config UI shows "Inheriting tenant default" for these fields.
Click Reset to tenant default in a group's plugin config to remove the override and revert to the tenant default.
See Tenants → Plugin Configuration for per-plugin settings reference.
Notification Channels
Navigate to Settings → Notifications to configure where alert notifications are delivered.
See Alerts → Notification Channels for details on creating and managing channels.