🚀 SecureCheap is live — Start free →
Getting Started
Authentication

Authentication & API Keys

Session authentication

SecureCheap uses short-lived JWTs (15-minute access tokens + 7-day refresh tokens).

TokenTTLStorage
Access token15 minuteslocalStorage + Authorization header
Refresh token7 daysHTTP-only cookie (sc_refresh_token)

When an API call returns 401, the SDK automatically uses the refresh token to obtain a new access token. You don't need to handle this manually.

SSO / OAuth

SecureCheap supports single sign-on via:

  • Googleaccounts.google.com
  • GitHubgithub.com/login/oauth

SSO logins still issue the same JWT pair. No special configuration needed.

API keys

Use API keys for server-to-server integrations, CI pipelines, and scripts.

Creating an API key

  1. Go to Settings → API Keys
  2. Click + New API Key
  3. Give it a name and select the scopes you need:
ScopePermissions
monitors:readList and get monitors
monitors:writeCreate, update, delete monitors
scans:readList and get scan results
scans:writeTrigger new scans
resources:readList discovered resources
integrations:readList integrations
alerts:readList alerts and events
reports:readDownload reports
  1. Copy the key immediately — it's only shown once.

Using an API key

curl https://api.securecheap.com/api/v1/monitors \
  -H "Authorization: Bearer sc_live_YOUR_API_KEY"
⚠️

API keys have the prefix sc_live_ (production) or sc_test_ (sandbox). Never commit API keys to version control. Use environment variables or a secrets manager.

Rotating a key

Go to Settings → API Keys → click the key → Rotate. The old key is invalidated immediately.