Skip to Content
Upblit
AboutOpen SourceCommunityDeveloperContactPricing
Star on GitHub—Sign in
CTRL K
  • Introduction
    • AI Gateway Overview
    • Documents
    • Tenants
    • API Reference Overview
    • AI Gateway API
    • API Keys API
    • Applications API
    • Authentication
    • Ingest API (SDK)
    • Organizations API
    • Projects API
    • Telemetry API
    • Users API
    • Architecture Overview
    • Database Architecture
    • Multi-Tenancy
    • Security Model
    • Service Boundaries
    • Telemetry Pipeline
  • Upblit CLI
    • Contributing
    • Architecture Rules
    • Coding Guidelines
    • SDK Development
    • Dashboard Overview
    • AI Gateway
    • API Keys
    • Applications
    • Observability
    • Organizations
    • Profile
    • Projects
    • Quickstart
    • Authentication
    • Your First Project
    • Installation
    • Observability Overview
    • Structured Logs
    • Telemetry Flow
    • Distributed Traces
    • SDK Overview
    • Express SDK
    • Go SDK
    • Java SDK (Coming Soon)
    • Python SDK
    • React SDK (Coming Soon)
  • Introduction
    • AI Gateway Overview
    • Documents
    • Tenants
    • API Reference Overview
    • AI Gateway API
    • API Keys API
    • Applications API
    • Authentication
    • Ingest API (SDK)
    • Organizations API
    • Projects API
    • Telemetry API
    • Users API
    • Architecture Overview
    • Database Architecture
    • Multi-Tenancy
    • Security Model
    • Service Boundaries
    • Telemetry Pipeline
  • Upblit CLI
    • Contributing
    • Architecture Rules
    • Coding Guidelines
    • SDK Development
    • Dashboard Overview
    • AI Gateway
    • API Keys
    • Applications
    • Observability
    • Organizations
    • Profile
    • Projects
    • Quickstart
    • Authentication
    • Your First Project
    • Installation
    • Observability Overview
    • Structured Logs
    • Telemetry Flow
    • Distributed Traces
    • SDK Overview
    • Express SDK
    • Go SDK
    • Java SDK (Coming Soon)
    • Python SDK
    • React SDK (Coming Soon)

On This Page

  • How It Works
  • JWT Tokens
  • API Key Authentication (SDKs)
  • Security Notes
Getting StartedAuthentication

Authentication

Upblit uses GitHub OAuth 2.0 for authentication. There are no usernames or passwords — your GitHub account is your identity.

How It Works

Browser → Dashboard → GET /oauth2/authorization/github → GitHub login page → User authorizes Upblit → GitHub redirects to backend callback → Backend creates/updates your user record → Backend issues a JWT access token → Dashboard stores JWT in localStorage → All API calls use: Authorization: Bearer {token}

JWT Tokens

After OAuth, the backend issues a short-lived JWT access token and a refresh token.

  • The JWT is stored in localStorage under the key "token"
  • All dashboard API calls attach it as Authorization: Bearer {token}
  • If the token expires, the dashboard automatically redirects to /login?reason=session_expired

API Key Authentication (SDKs)

SDKs do not use JWT. They use an API key scoped to a specific application.

SDK → POST /ingest/traces → Header: x-api-key: <your-api-key>

API keys are generated per application from the dashboard. They are shown only once — store them securely.

Security Notes

  • API keys are scoped to a single application — they cannot be used across applications
  • Never commit API keys to source control
  • If a key is compromised, generate a new one from the dashboard (revocation endpoint coming soon)
  • The JWT is stored in localStorage — this is the standard SPA pattern and is acceptable when combined with HTTPS and proper CORS configuration
Last updated on June 12, 2026
QuickstartYour First Project
Upblit

Observability for logs, traces, metrics, API keys, and AI-assisted incident notes.

Copyright 2026 Upblit.

Product

  • Architecture
  • Dashboard preview
  • AI docs
  • Security
  • Pricing

Developers

  • Developer docs
  • API reference
  • Changelog
  • GitHub
  • Status

Company

  • Community
  • Support
  • Patreon
  • Docs
  • Dashboard
  • Sign in

Legal

  • Privacy Policy
  • Terms
  • Cookie Policy
  • Acceptable Use
  • Data Retention
  • Data Processing