API authentication and keys

The Tidelift API and Tidelift CLI allows you to authenticate using an API key for all endpoints.

The three different types of API keys provided by Tidelift

1. User Keys are tied to your user within the Tidelift Subscription and allow you to use all commands in Tidelift CLI except for  tidelift alignment save. These keys should be kept private to individuals as they have all of the permissions that the user has within the Tidelift system. You can create and view User Keys in the Tidelift web app under Settings->API Keys. To use these keys with Tidelift CLI, run tidelift authenticate.
2. Project Keys are a more tightly-scoped type of API key suitable for use within your CI/CD process. These keys only allow you to save an alignment for a project and check the status of those alignments. It is recommended that these keys are stored in the native secret storage mechanism of your CI/CD platform. They can be configured in the Tidelift web app under Settings->API Keys->Project Keys. See this article for information on how to create a project API key from a Project's settings page or Tidelift CLI.
3. Organization Keys are similar to Project Keys and only allow for alignments to be run within a CI/CD process, but will work for all projects. They are not tightly-scoped to a specific project and should only be used when necessary, following the same security guidelines as Project keys. They can be configured in the Tidelift web app under Settings->API Keys->Organization Keys.
   
   

If you are writing your own integration with the Tidelift API, you can pass the key as the Authorization header, for example:

curl -H 'Authorization: Bearer {{api-key-example}}'