Authentication
Overview
Every API request requires authentication. Sentinel supports three methods:
| Method | Best for |
|--------|----------|
| API Keys | Server-side integrations, CI/CD, backend services |
| Wallet Auth | Web3 applications, Solana-native teams |
| JWT Tokens | Session-based access after initial auth |
API Keys
An API key is generated when you create a project. Include it in the Authorization header:
curl -H "Authorization: Bearer sk_live_abc123..." \
  https://api.sentinel.dev/v1/robots
SDK usage:
import { Sentinel } from '@sentinel/sdk';
const sentinel = new Sentinel({
  apiKey: process.env.SENTINEL_API_KEY,
});
Wallet Authentication
For teams using Solana wallets (Phantom, Backpack, Solflare):
const sentinel = new Sentinel({
  wallet: phantomWallet,
});
await sentinel.auth.connectWallet();
The SDK requests a signature of a one-time challenge. No passwords or email required.
JWT Tokens
After successful authentication, you receive a token:
{
  "token": "eyJhbGciOiJFZDI1NTE5...",
  "expiresAt": "2025-01-16T10:00:00Z",
  "fleetId": "fleet-abc123"
}
Tokens are valid for 24 hours. Include them in subsequent requests:
curl -H "Authorization: Bearer eyJhbGci..." \
  https://api.sentinel.dev/v1/fleet/stats
Scopes
Each API key is assigned scopes that define its permissions:
| Scope | Permissions |
|-------|-------------|
| fleet:read | View fleet data, device status, trust scores |
| fleet:write | Register devices, send commands, update status |
| firmware:verify | Submit firmware for hash verification |
| audit:read | Query audit logs and compliance exports |
| admin | Full access to all endpoints |
Best practice: Create separate keys per environment. Use fleet:read for dashboards, fleet:write for device runtimes, and admin only for infrastructure automation.
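The best practice above can be checked mechanically against a key inventory. This is an added example, not part of the Sentinel SDK or docs: the inventory shape (`id`, `environment`, `role`, `scopes`), the role labels and the sample data are assumptions made for illustration.

```javascript
// Scopes from the table above.
const KNOWN_SCOPES = new Set([
  'fleet:read', 'fleet:write', 'firmware:verify', 'audit:read', 'admin',
]);

// Scopes each workload may hold, per the best-practice line above.
// The role labels are hypothetical names chosen for this example.
const ALLOWED_BY_ROLE = {
  'dashboard': ['fleet:read'],
  'device-runtime': ['fleet:write'],
  'infra-automation': ['admin'],
};

// keys: [{ id, environment, role, scopes }], where id is a non-secret label.
function auditKeys(keys) {
  const findings = [];
  const envsById = new Map();
  for (const { id, environment, role, scopes } of keys) {
    if (!envsById.has(id)) envsById.set(id, new Set());
    envsById.get(id).add(environment);
    const allowed = ALLOWED_BY_ROLE[role];
    if (!allowed) {
      findings.push({ id, issue: 'unknown-role', detail: role });
      continue;
    }
    for (const scope of scopes) {
      if (!KNOWN_SCOPES.has(scope)) {
        findings.push({ id, issue: 'unknown-scope', detail: scope });
      } else if (!allowed.includes(scope)) {
        findings.push({ id, issue: 'excess-scope', detail: scope });
      }
    }
  }
  // One key seen in several environments breaks per-environment separation.
  for (const [id, envs] of envsById) {
    if (envs.size > 1) {
      const detail = [...envs].sort().join(',');
      findings.push({ id, issue: 'shared-across-environments', detail });
    }
  }
  return findings;
}

// Constructed sample inventory (not real keys or Sentinel output).
const SAMPLE_KEYS = [
  { id: 'dash-prod', environment: 'production', role: 'dashboard', scopes: ['fleet:read'] },
  { id: 'runtime-1', environment: 'staging', role: 'device-runtime', scopes: ['fleet:write'] },
  { id: 'runtime-1', environment: 'production', role: 'device-runtime', scopes: ['fleet:write', 'admin'] },
  { id: 'ci-deploy', environment: 'production', role: 'infra-automation', scopes: ['admin'] },
];
console.log(auditKeys(SAMPLE_KEYS));
```

On the sample inventory this reports the device-runtime key holding `admin` and the same key appearing in both staging and production.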
Rate Limits
| Endpoint | Limit |
|----------|-------|
| Device registration | 10 requests/minute |
| Telemetry submission | 120 requests/minute |
| Command dispatch | 30 requests/minute |
| All other endpoints | 60 requests/minute |
Exceeding limits returns 429 Too Many Requests with a Retry-After header.