Authentication overview
Logs.to provides authentication mechanisms designed to secure access to its log management platform, ensuring that only authorized entities can ingest log data or interact with the API. The primary methods for authentication include API keys for direct programmatic access and OAuth 2.0 for third-party integrations requiring delegated authorization. These methods are integral to maintaining the confidentiality and integrity of log data as it is transmitted to and managed within Logs.to.
The choice of authentication method typically depends on the client's use case. API keys are generally suitable for server-to-server communication and applications where a single service requires direct access to Logs.to. OAuth 2.0 is designed for scenarios where user consent is required for an application to act on their behalf, or for integrations between distinct services where client credentials can be securely managed. Logs.to's authentication infrastructure supports industry standards to facilitate secure and compliant operations, aligning with ISO/IEC 27001 principles for information security management.
All authentication credentials, once generated, are managed through the Logs.to user dashboard, providing a centralized location for creation, revocation, and monitoring. This includes detailed documentation on how to implement each authentication type, which is available in the Logs.to official documentation.
Supported authentication methods
Logs.to supports two primary methods for authentication:
- API Keys: These are unique, secret tokens used to authenticate requests made directly to the Logs.to API. They are suitable for server-side applications, scripts, and services that need to send log data or query the platform without user interaction. API keys grant broad access, so their security and management are critical.
- OAuth 2.0: This open standard for access delegation is used when third-party applications need to access a user's Logs.to resources without sharing their credentials. OAuth 2.0 tokens provide granular control over permissions and have a limited lifespan, enhancing security. Logs.to typically supports the Client Credentials grant type for service-to-service authentication and the Authorization Code grant type for user-facing applications. Further details are in the OAuth 2.0 specification.
The following table outlines the key characteristics of each authentication method:
| Method | When to Use | Security Level |
|---|---|---|
| API Key | Server-to-server communication, backend services, direct log ingestion | High (if managed securely); relies on key secrecy |
| OAuth 2.0 | Third-party integrations, delegated access, user-facing applications | High; token-based, scoped permissions, refresh tokens |
Getting your credentials
To begin authenticating with Logs.to, you need to obtain the appropriate credentials from your Logs.to account dashboard:
API Key Generation
- Log in: Access your Logs.to account using your username and password.
- Navigate to API Settings: In the dashboard, locate the "Settings" or "API Management" section, typically found under your profile or organization settings.
- Generate New Key: Look for an option to "Generate New API Key" or "Create Access Token." You may be prompted to provide a name or description for the key to help with identification and management.
- Copy Key: Once generated, the API key will be displayed. It is crucial to copy this key immediately and store it securely, as it may not be retrievable again for security reasons. If lost, you will need to generate a new one and revoke the old one.
- Assign Permissions (Optional): Some Logs.to plans allow assigning specific permissions or scopes to API keys, limiting their actions to only what is necessary. Consult the Logs.to API Key documentation for details on permission configuration.
OAuth 2.0 Client Setup
For OAuth 2.0, you will typically register your application as a client with Logs.to:
- Register Application: In the "Settings" or "Integrations" section of your Logs.to dashboard, find an option to "Register New Application" or "Create OAuth Client."
- Provide Details: You will need to provide information such as your application's name, description, and Redirect URIs (for the Authorization Code flow) or specify it as a confidential client (for the Client Credentials flow).
- Receive Client ID and Client Secret: Upon registration, Logs.to will issue a Client ID and Client Secret. The Client Secret, like an API key, must be kept confidential and stored securely.
- Configure Scopes: Define the necessary API scopes your application requires to access Logs.to resources. Scopes limit the access granted by the OAuth token.
- Implement Flow: Integrate the chosen OAuth 2.0 flow (e.g., Authorization Code, Client Credentials) into your application using the Client ID and Client Secret. The Logs.to OAuth Integration Guide provides specific implementation steps for various grant types.
Authenticated request example
Logs.to primarily uses HTTP headers for API key authentication and the Authorization header for OAuth 2.0 bearer tokens. Below is an example of sending a log entry using an API key via a curl command.
API Key Example
When using an API key, you typically include it in a custom HTTP header, such as X-Logs-Api-Key, or in the Authorization header with a scheme such as Bearer or Logs-Key, depending on the Logs.to API endpoint requirements. For log ingestion, an X-Logs-Api-Key header is common.
    curl -X POST \
      https://api.logs.to/v1/log \
      -H "Content-Type: application/json" \
      -H "X-Logs-Api-Key: YOUR_API_KEY_HERE" \
      -d '{
        "message": "User login successful",
        "level": "info",
        "timestamp": "2026-05-29T10:00:00Z",
        "user_id": "u12345",
        "component": "auth_service"
      }'
Replace YOUR_API_KEY_HERE with the actual API key obtained from your Logs.to dashboard. The specific header name for the API key should always be confirmed in the Logs.to API Reference documentation.
OAuth 2.0 Bearer Token Example
For OAuth 2.0, after obtaining an access token (e.g., via the Client Credentials flow), you include it in the Authorization header using the Bearer scheme.
    # The URL is quoted so the shell does not treat "?" as a glob character.
    curl -X GET \
      "https://api.logs.to/v1/search?query=error" \
      -H "Authorization: Bearer YOUR_ACCESS_TOKEN_HERE" \
      -H "Content-Type: application/json"
Replace YOUR_ACCESS_TOKEN_HERE with the valid OAuth 2.0 access token. OAuth 2.0 tokens typically have a limited lifespan and may require a refresh token to obtain new access tokens without re-authenticating the user or application, as detailed in the OAuth 2.0 Token Refresh specification.
Security best practices
Securely managing authentication credentials is paramount for protecting your log data and maintaining the integrity of your Logs.to account. Adhering to these best practices can mitigate common security risks:
- Restrict API Key Permissions: When generating API keys, grant only the minimum necessary permissions. For instance, an API key used only for log ingestion should not have permissions to modify account settings or delete data. This principle of least privilege limits the potential damage if a key is compromised.
- Store Credentials Securely: Never hardcode API keys or client secrets directly into your application's source code. Instead, use environment variables, secret management services (e.g., AWS Secrets Manager, Google Secret Manager), or secure configuration files. For local development, .env files are acceptable, but they must be excluded from version control.
- Rotate API Keys and Client Secrets Regularly: Periodically rotate your API keys and OAuth client secrets, typically every 90 days or when personnel changes occur. This reduces the window of opportunity for a compromised key to be exploited. Logs.to provides tools in the dashboard to facilitate key rotation.
- Monitor API Usage: Regularly review your Logs.to API usage logs and audit trails for any unusual patterns or unauthorized access attempts. Logs.to provides monitoring capabilities to help detect anomalies. If suspicious activity is detected, revoke the compromised credential immediately.
- Use HTTPS/TLS for All Communications: Ensure all communication with the Logs.to API occurs over HTTPS (TLS). This encrypts data in transit, preventing eavesdropping and tampering with authentication credentials and log data. Logs.to enforces TLS for all API endpoints.
- Implement OAuth 2.0 Correctly: For OAuth 2.0, verify Redirect URIs to prevent redirection attacks and ensure that state parameters are used to prevent Cross-Site Request Forgery (CSRF). Always use the most secure grant type appropriate for your application architecture, prioritizing Authorization Code with PKCE for public clients.
- Avoid Sharing Credentials: Do not share API keys or client secrets among different applications or services. Each application should have its own unique set of credentials to enable more granular control and easier revocation if a specific application's key is compromised.
- Secure Development Environment: Ensure that your development and testing environments are secure. Credentials used in development should be distinct from production credentials and handled with the same level of care.
By implementing these practices, developers can significantly enhance the security posture of their Logs.to integrations and protect sensitive log data from unauthorized access.
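The state and PKCE handling recommended above for the Authorization Code flow, as an added Python example that is not part of the Logs.to documentation. The authorization endpoint, client ID and redirect URI are placeholders assumed for illustration, and the `session` dict stands in for server-side session storage.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders assumed for this example; take real values from your client registration.
AUTHORIZE_URL = "https://auth.example.com/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/oauth/callback"  # must equal the registered URI exactly


def pkce_challenge(verifier):
    """S256 challenge: unpadded BASE64URL(SHA-256(verifier)), per RFC 7636."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_authorization(scope):
    """Return (authorization URL, values to keep in the server-side session)."""
    verifier = secrets.token_urlsafe(64)  # 86 chars; RFC 7636 allows 43-128
    state = secrets.token_urlsafe(32)     # unguessable, bound to this browser session
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": scope, "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", {"state": state, "code_verifier": verifier}


def handle_callback(callback_url, session):
    """Validate the redirect; return token-request parameters or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    # Check state first, in constant time, before trusting anything else in the query.
    returned = params.get("state", [""])[0].encode()
    if not hmac.compare_digest(returned, session["state"].encode()):
        raise ValueError("state mismatch: treat as CSRF and discard the code")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code", "code": params["code"][0],
        "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],  # proves this client started the flow
    }
```

The returned dictionary is the form body for the token request; the verifier never leaves the server until that request, so an intercepted authorization code cannot be redeemed without it.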