Security

Authentication

Securely connect your services to LuminaLog using industry-standard API keys and environment-specific credentials.

API Keys

LuminaLog uses API keys to authenticate requests. Each key is tied to a specific project and organization, allowing for granular access control.

Key Format

ll_2010ecf83382641e48b090e7fb82396eb130113a51e363da

LL_

Service Prefix

Identifies the key type for security scanning tools.

High Entropy

48-character hex providing 192 bits of cryptographic security.

Creating API Keys

Go to Settings → API Keys in the sidebar

Click Create New API Key

Select your environment (Prod/Staging/Dev)

Save your key immediately (shown only once)

Critical Security Note

API keys are displayed only once. If lost, they must be revoked and regenerated immediately.

Direct API Ingestion

Send logs directly to our REST API using the x-api-key header.

cURL Example

curl -X POST https://api.luminalog.cloud/v1/logs \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "logs": [
      {
        "timestamp": "2026-01-26T14:30:00Z",
        "level": "info",
        "message": "System check passed",
        "metadata": { "region": "us-east-1" }
      }
    ]
  }'

Rate Limits

Indie

60/min

Bootstrapper

300/min

Compliance

600/min

Scale

1,800/min

Security Best Practices

Environment Variables

Never hardcode API keys. Use .env files.

Secrets Management

Use AWS Secrets Manager or HashiCorp Vault.

Key Rotation

Rotate production keys every 90 days.

Service Isolation

Use unique keys for separate microservices.

Architecture

Deep dive into LuminaLog internal data pipelines.

SmartScrub™

Configure automatic PII redaction rules.