Retrace Docs

Authentication

Create and manage API keys for programmatic access

API Keys

Retrace uses API keys for programmatic access. Keys are scoped to an organization and inherit the creating user's role permissions.

Creating a Key

  1. Navigate to Manage > API Keys in the dashboard
  2. Click Create API Key
  3. Provide a descriptive name (e.g., "CI Pipeline", "SOAR Integration")
  4. Copy the key immediately — it's only shown once

API keys follow the format: rtrc_live_ followed by a random string.

Using a Key

Include the key in the X-API-Key header with every request:

curl https://retrace.cloud/api/v1/analyze \
  -H "X-API-Key: rtrc_live_abc123..."

Permissions

API keys inherit role-based permissions:

Role     Submit Samples  View Results  Manage Keys
Admin    Yes             Yes           Yes
Analyst  Yes             Yes           No
Viewer   No              Yes           No

Viewer-scoped keys receive 403 Forbidden when attempting to submit samples.

Revoking a Key

  1. Navigate to Manage > API Keys
  2. Find the key and click the delete icon
  3. Confirm revocation

Revoked keys are immediately invalidated — any in-flight requests using the key will fail.

Security Best Practices

  • Rotate keys regularly — especially after team member departures
  • Use descriptive names — so you know which integration each key belongs to
  • Prefer analyst-scoped keys — avoid admin keys unless the integration needs to manage the organization
  • Store keys in secret managers — never commit keys to source control
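
One way to enforce the last point, as an added example that is not part of the Retrace documentation: a shell scanner, usable from a pre-commit hook or CI step, that flags strings matching the rtrc_live_ prefix and prints them redacted. The character set and 16-character minimum of the random part are assumptions, as are the function and script names.

```shell
#!/bin/sh
# Added example: scan files for strings that look like Retrace API keys.
# Assumption: the random part is 16+ characters of [A-Za-z0-9_-]. The docs only
# state the rtrc_live_ prefix, so adjust KEY_RE to the keys you are issued.
KEY_RE='rtrc_live_[A-Za-z0-9_-]{16,}'

# redact_key KEY: keep the prefix and the last 4 characters, so a finding can
# be matched to a key in the dashboard without re-leaking it into CI logs.
redact_key() {
    printf '%s\n' "$1" | sed -E 's/^(rtrc_live_).*(.{4})$/\1****\2/'
}

# scan_file FILE: print "file:line: redacted-key" for each hit.
# Returns 1 if the file contains at least one key-shaped string, else 0.
scan_file() {
    # -n line numbers, -o matched text only, -I skip binary files
    hits=$(grep -EnoI -e "$KEY_RE" -- "$1" 2>/dev/null) || return 0
    while IFS=: read -r lineno match; do
        printf '%s:%s: %s\n' "$1" "$lineno" "$(redact_key "$match")"
    done <<EOF
$hits
EOF
    return 1
}

# scan_paths FILE...: scan every regular file given; non-zero if any leaks.
scan_paths() {
    status=0
    for path in "$@"; do
        [ -f "$path" ] || continue
        scan_file "$path" || status=1
    done
    return "$status"
}

# Hook usage (hypothetical script name; scans the working-tree copies of
# staged files):
#   git diff --cached --name-only --diff-filter=ACM | xargs sh scan-retrace-keys.sh
if [ "$#" -gt 0 ]; then
    scan_paths "$@"
    exit $?
fi
```

A hit means the key should be treated as exposed: revoke it in the dashboard and issue a replacement, since removing the line from a later commit does not remove it from history.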
