Skip to main content

API Keys

DriftWise uses API keys to authenticate requests. Keys are scoped to an organization and prefixed with dw2_.

Creating an API Key

Sign in to the DriftWise dashboard
Navigate to Settings in the sidebar
Click Create API Key
Copy the key — it's only shown once

Using Your Key

Pass the key in the x-api-key header. The analyze endpoint expects a JSON body with the plan in the plan_json field:

# Convert binary plan to JSON, then send to DriftWise
terraform show -json tfplan > plan.json

curl -X POST https://app.driftwise.ai/api/v2/orgs/$ORG_ID/analyze \
  -H "x-api-key: dw2_your_key_here" \
  -H "Content-Type: application/json" \
  -d "{\"plan_json\": $(cat plan.json | jq -Rs .)}"

Response

The endpoint returns the analysis synchronously (up to 120s timeout):

{
  "scan_run": { "id": "...", "status": "done" },
  "risk_level": "high",
  "narrative": "3 changes — 1 opens database port to public internet...",
  "summary": { ... },
  "changes": [ ... ]
}

Security

Keys are stored as SHA-256 hashes — DriftWise never stores your raw key
Rotate keys regularly from the Settings page
Use environment variables or secret managers to store keys in CI/CD

Creating an API Key
Using Your Key
- Response
Security