Settings & Preferences
Manage alert preferences, API keys, and account settings programmatically. Configure how and when you receive notifications about security events.
Alert Preferences
GET
/settings/alert-preferencesGet current alert preferences for your account.
curl "https://api.compliancelayer.net/v1/settings/alert-preferences" \
-H "Authorization: Bearer cl_YOUR_API_KEY"PUT
/settings/alert-preferencesUpdate alert preferences. All fields are optional - only include preferences you want to change.
Request Body
| Parameter | Type | Description |
|---|---|---|
score_drop | boolean | Alert when domain score drops significantly |
critical_issue | boolean | Alert on critical findings (expired certs, etc.) |
cert_expiry | boolean | Alert when certificates are expiring soon |
config_change | boolean | Alert on security configuration changes |
curl -X PUT "https://api.compliancelayer.net/v1/settings/alert-preferences" \
-H "Authorization: Bearer cl_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"score_drop": true,
"critical_issue": true,
"cert_expiry": true,
"config_change": false
}'API Key Management
POST
/auth/api-key/regenerateRegenerate your API key. The old key will be immediately revoked.
Warning: Regenerating your API key will immediately revoke the old key. All applications using the old key will stop working.
curl -X POST "https://api.compliancelayer.net/v1/auth/api-key/regenerate" \
-H "Authorization: Bearer cl_YOUR_CURRENT_API_KEY"Password Management
POST
/auth/password/changeChange password for authenticated user. Requires current password for verification.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
current_password | string | Yes | Current password for verification |
new_password | string | Yes | New password (min 8 characters) |
curl -X POST "https://api.compliancelayer.net/v1/auth/password/change" \
-H "Authorization: Bearer cl_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"current_password": "old_password_here",
"new_password": "new_secure_password_123"
}'POST
/auth/password/reset-requestRequest a password reset email. Public endpoint (no authentication required).
curl -X POST "https://api.compliancelayer.net/v1/auth/password/reset-request" \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]"
}'POST
/auth/password/reset-confirmReset password using token from email. Public endpoint.
Request Body
| Parameter | Type | Required |
|---|---|---|
email | string | Yes |
token | string | Yes |
new_password | string | Yes (min 8 chars) |
curl -X POST "https://api.compliancelayer.net/v1/auth/password/reset-confirm" \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"token": "reset_token_from_email",
"new_password": "new_secure_password_123"
}'Logout
POST
/auth/logoutLogout and clear session cookie (for web applications using JWT tokens).
curl -X POST "https://api.compliancelayer.net/v1/auth/logout" \
-H "Authorization: Bearer YOUR_JWT_TOKEN"Best Practices
1. Manage Alerts Based on Environment
async function configureAlertsForEnvironment(env) {
const preferences = {
production: {
score_drop: true,
critical_issue: true,
cert_expiry: true,
config_change: true
},
staging: {
score_drop: false,
critical_issue: true,
cert_expiry: true,
config_change: false
},
development: {
score_drop: false,
critical_issue: false,
cert_expiry: false,
config_change: false
}
};
await updateAlertPreferences(preferences[env]);
}
// Configure for production
await configureAlertsForEnvironment('production');2. Rotate API Keys Regularly
Implement a key rotation schedule:
async function rotateApiKey() {
// Generate new key
const response = await fetch(
'https://api.compliancelayer.net/v1/auth/api-key/regenerate',
{
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.CURRENT_API_KEY}`
}
}
);
const { api_key } = await response.json();
// Update environment variables
console.log('New API Key:', api_key);
console.log('Update your environment variables immediately!');
// Return new key for deployment tools
return api_key;
}
// Rotate every 90 days
const newKey = await rotateApiKey();3. Use Strong Passwords
- Minimum 8 characters (12+ recommended)
- Mix of uppercase, lowercase, numbers, and symbols
- Avoid common words and patterns
- Use a password manager
Related Topics
- Authentication - API keys and JWT tokens
- Monitoring Domains - Alert configuration per domain
- Webhooks - Programmatic alert delivery