Skip to content

Sentinel Pass Service

OAuth credential management and usage analytics API operations.

Sentinel Passes are security credentials (OAuth clients, API keys, and tokens) scoped to a project. The service exposes CRUD operations, key rotation, revocation, and activity log/metrics endpoints.

Base URL for CRUD operations is REACT_APP_ORGANIZATIONS_API_BASE_URL (default: https://api.traylinx.com/ma-metrics-wsp-ms/v1/api). Activity log and metrics endpoints are served by the Auth microservice at REACT_APP_AUTH_API_BASE_URL.

All requests require Api-Key and Authorization: Bearer <token> headers.

Create Sentinel Pass

http theme={null} POST https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/{orgId}/projects/{projectId}/sentinel_passes

Create a new security credential scoped to a project.

The organization’s unique ID.

The project’s unique ID.

A human-readable name for the credential.

Optional description.

The entity type this credential is for. Defaults to "project".

The entity ID. Automatically set to projectId.

Array of permission strings granted to this credential.

Array of allowed HTTP referer patterns.

The credential type. Defaults to "api_key".

Array of OAuth scopes.

Optional ISO 8601 expiration datetime.

Optional array of string tags.

```bash theme={null} curl -X POST https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/org-123/projects/proj-456/sentinel_passes \ -H "Authorization: Bearer " \ -H "Api-Key: " \ -H "Content-Type: application/json" \ -d '{ "sentinelPass": { "title": "Production API Access", "description": "Read-only access for production service", "credentialType": "api_key", "permissions": ["read:data"], "scopes": ["read"], "tags": ["production"] } }' 

**Response:** The created Sentinel Pass in unified asset format (see [Response Shape](#response-shape)).

***

## List Sentinel Passes

<CodeGroup>
  ```http  theme={null}
  GET https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/{orgId}/projects/{projectId}/sentinel_passes
  ```
</CodeGroup>

<ParamField path="orgId" type="string" required>
  The organization’s unique ID.
</ParamField>

<ParamField path="projectId" type="string" required>
  The project’s unique ID.
</ParamField>

<ParamField query="active" type="boolean">
  Filter by active status.
</ParamField>

<ParamField query="credential_type" type="string">
  Filter by credential type.
</ParamField>

<ParamField query="search" type="string">
  Filter by name substring.
</ParamField>

<ParamField query="tags" type="string">
  Comma-separated list of tags to filter by.
</ParamField>

```bash  theme={null}
curl "https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/org-123/projects/proj-456/sentinel_passes?active=true" \
  -H "Authorization: Bearer <token>" \
  -H "Api-Key: <your_api_key>"

Response: Array of Sentinel Pass objects in unified asset format.

Get Sentinel Pass

http theme={null} GET https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/{orgId}/projects/{projectId}/sentinel_passes/{passId}

The organization’s unique ID.

The project’s unique ID.

The Sentinel Pass ID.

Update Sentinel Pass

http theme={null} PUT https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/{orgId}/projects/{projectId}/sentinel_passes/{passId}

The organization’s unique ID.

The project’s unique ID.

The Sentinel Pass ID.

Updated Sentinel Pass data. Accepts the same fields as Create.

Delete Sentinel Pass

http theme={null} DELETE https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/{orgId}/projects/{projectId}/sentinel_passes/{passId}

Permanently delete a Sentinel Pass. To disable without deleting, use Revoke instead.

The organization’s unique ID.

The project’s unique ID.

The Sentinel Pass ID.

Rotate Key

http theme={null} POST https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/{orgId}/projects/{projectId}/sentinel_passes/{passId}/rotate_key

Invalidate the current API key and generate a new one. The Sentinel Pass remains active.

The organization’s unique ID.

The project’s unique ID.

The Sentinel Pass ID.

```bash theme={null} curl -X POST https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/org-123/projects/proj-456/sentinel_passes/pass-789/rotate_key \ -H "Authorization: Bearer " \ -H "Api-Key: " 

**Response:** The updated Sentinel Pass with a new key.

***

## Revoke Sentinel Pass

<CodeGroup>
  ```http  theme={null}
  POST https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/{orgId}/projects/{projectId}/sentinel_passes/{passId}/revoke
  ```
</CodeGroup>

Disable a Sentinel Pass without deleting it. The credential can be re-activated later.

<ParamField path="orgId" type="string" required>
  The organization’s unique ID.
</ParamField>

<ParamField path="projectId" type="string" required>
  The project’s unique ID.
</ParamField>

<ParamField path="passId" type="string" required>
  The Sentinel Pass ID.
</ParamField>

***

## Activate Sentinel Pass

<CodeGroup>
  ```http  theme={null}
  POST https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/organizations/{orgId}/projects/{projectId}/sentinel_passes/{passId}/activate
  ```
</CodeGroup>

Re-enable a previously revoked Sentinel Pass.

<ParamField path="orgId" type="string" required>
  The organization’s unique ID.
</ParamField>

<ParamField path="projectId" type="string" required>
  The project’s unique ID.
</ParamField>

<ParamField path="passId" type="string" required>
  The Sentinel Pass ID.
</ParamField>

***

## Get Activity Logs

<CodeGroup>
  ```http  theme={null}
  GET https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/oauth/agent/activity/logs
  ```
</CodeGroup>

Fetch paginated activity logs for a Sentinel Pass agent. Served by the Auth microservice.

<ParamField query="agent_user_id" type="string" required>
  The agent user ID associated with the Sentinel Pass.
</ParamField>

<ParamField query="page" type="integer">
  Page number. Defaults to `1`.
</ParamField>

<ParamField query="per_page" type="integer">
  Items per page. Defaults to `25`.
</ParamField>

<ParamField query="start_date" type="string">
  ISO 8601 start date for filtering.
</ParamField>

<ParamField query="end_date" type="string">
  ISO 8601 end date for filtering.
</ParamField>

<ParamField query="activity_type" type="string">
  Filter by activity type: `api_request`, `token_generation`, or `error`.
</ParamField>

<ParamField query="endpoint" type="string">
  Filter by endpoint path.
</ParamField>

<ParamField query="success" type="boolean">
  Filter by success status.
</ParamField>

<ParamField query="sort_by" type="string">
  Field to sort by.
</ParamField>

<ParamField query="sort_order" type="string">
  Sort order: `asc` or `desc`. Defaults to `desc`.
</ParamField>

```bash  theme={null}
curl "https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/agent/activity/logs?agent_user_id=agent-123&page=1&per_page=25" \
  -H "Authorization: Bearer <token>" \
  -H "Api-Key: <your_api_key>"

Array of activity log entries.

The log entry ID. 

<ResponseField name="agent_user_id" type="string">
  The agent user ID.
</ResponseField>

<ResponseField name="endpoint" type="string">
  The API endpoint path that was called.
</ResponseField>

<ResponseField name="http_method" type="string">
  HTTP method: `GET`, `POST`, etc.
</ResponseField>

<ResponseField name="status_code" type="integer">
  HTTP status code of the response.
</ResponseField>

<ResponseField name="client_ip" type="string">
  Client IP address.
</ResponseField>

<ResponseField name="user_agent" type="string">
  User agent string.
</ResponseField>

<ResponseField name="started_at" type="string">
  ISO 8601 timestamp when the request started.
</ResponseField>

<ResponseField name="completed_at" type="string">
  ISO 8601 timestamp when the request completed.
</ResponseField>

<ResponseField name="duration_ms" type="integer">
  Request duration in milliseconds.
</ResponseField>

<ResponseField name="success" type="boolean">
  Whether the request succeeded.
</ResponseField>

<ResponseField name="activity_type" type="string">
  Activity type: `api_request`, `token_generation`, or `error`.
</ResponseField>

<ResponseField name="error_message" type="string | null">
  Error message if the request failed.
</ResponseField>

Current page number.

Items per page.

Total number of log entries matching the filters.

Total number of pages.

Export Activity Logs

http theme={null} GET https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/oauth/agent/activity/export

Export activity logs as a downloadable file. Returns a binary blob.

The agent user ID associated with the Sentinel Pass.

Export format: json, csv, or jsonl. Defaults to json.

ISO 8601 start date for filtering.

ISO 8601 end date for filtering.

Filter by activity type.

Filter by endpoint path.

Filter by success status.

```bash theme={null} curl "https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/agent/activity/export?agent_user_id=agent-123&format=csv" \ -H "Authorization: Bearer " \ -H "Api-Key: " \ --output activity-logs.csv 

***

## Get Usage Metrics

<CodeGroup>
  ```http  theme={null}
  GET https://api.traylinx.com/ma-metrics-wsp-ms/v1/api/oauth/agent/activity/metrics
  ```
</CodeGroup>

Fetch aggregated usage metrics for a Sentinel Pass agent over a specified time range.

<ParamField query="agent_user_id" type="string" required>
  The agent user ID associated with the Sentinel Pass.
</ParamField>

<ParamField query="start_date" type="string">
  ISO 8601 start date.
</ParamField>

<ParamField query="end_date" type="string">
  ISO 8601 end date.
</ParamField>

<ParamField query="group_by" type="string">
  Grouping interval: `hour`, `day`, or `week`. Defaults to `day`.
</ParamField>

```bash  theme={null}
curl "https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/agent/activity/metrics?agent_user_id=agent-123&group_by=day" \
  -H "Authorization: Bearer <token>" \
  -H "Api-Key: <your_api_key>"

Array of time-series data points.

ISO 8601 timestamp for the interval. 

<ResponseField name="total_requests" type="integer">
  Total number of requests in the interval.
</ResponseField>

<ResponseField name="success_count" type="integer">
  Number of successful requests.
</ResponseField>

<ResponseField name="error_count" type="integer">
  Number of failed requests.
</ResponseField>

<ResponseField name="avg_latency_ms" type="number">
  Average response latency in milliseconds.
</ResponseField>

<ResponseField name="p95_latency_ms" type="number">
  95th percentile latency in milliseconds.
</ResponseField>

<ResponseField name="unique_endpoints" type="integer">
  Number of distinct endpoints called.
</ResponseField>

The start of the reported period.

The end of the reported period.

The grouping interval used.

Response Shape

All CRUD endpoints return Sentinel Passes in the unified asset format:

The Sentinel Pass ID.

Always "studio_tool".

The credential name.

The credential description.

Always "security".

Whether the credential is currently active.

Array of string tags.

Array of permission strings.

Array of allowed HTTP referer patterns.

The credential type, e.g., api_key.

Array of OAuth scope strings.

ISO 8601 expiration datetime, or null for non-expiring credentials.

ISO 8601 timestamp of the last key rotation.

Total number of times this credential has been used.

ISO 8601 creation timestamp.

ISO 8601 last-updated timestamp.

Caching and Rate Limits

  • Metrics data is cached client-side for 30 seconds.
  • Activity log results are cached per page and filter combination.
  • The recommended auto-refresh interval is 30 seconds.
  • Implement exponential backoff on failures.

Built with Mintlify.