API Keys

API keys grant access to the Prometheus metrics endpoint. Keep them secret — treat them like passwords.

Creating an API key

  1. Go to Settings → API Keys in your dashboard.
  2. Click Create API key.
  3. Give the key a descriptive name (for example, ci-deploy or prometheus-scraper).
  4. Copy the key immediately — it is shown only once. Store it in a secrets manager or environment variable.

Key format

Every Nines API key has the form nines_sk_<32 hex chars> — a fixed prefix followed by 32 lowercase hexadecimal characters (16 random bytes), for a total length of 41 characters. Example:

nines_sk_a3f8c2d1e4b57690a1b2c3d4e5f67890

The key is shown in full only once at creation time. Nines stores only a SHA-256 hash of the key, so it cannot be recovered if lost — you must create a new key.

Prometheus metrics URL

Each API key has a dedicated Prometheus metrics URL. You can find it on the API Keys settings page next to the key name. The URL looks like:

https://nines.sh/metrics/<token>

Pass this URL as the metrics_path (or equivalent) in your Prometheus scrape config. The token in the URL is the authentication credential — no additional headers are required. See Prometheus Metrics for a full scrape config example.

Metrics are available on Pro and above plans.

Rotating a key

To rotate a key:

  1. Create a new key from Settings → API Keys.
  2. Update all consumers (CI pipelines, Prometheus scrapers, etc.) to use the new key.
  3. Delete the old key once all consumers are updated.

Deleting a key is permanent and cannot be undone. Any consumer still using the old key will start receiving 401 Unauthorized responses.

Key security

  • Never commit API keys to version control.
  • Store keys in environment variables or a secrets manager (Vault, AWS Secrets Manager, Doppler, etc.).
  • Create separate keys per consumer so you can rotate them independently.
  • If a key is compromised, delete it immediately from the Settings → API Keys page.