Skip to content

Settings

The Settings page manages your dashboard connection, appearance preferences, and personal account settings.

API Key Configuration

The API Key field stores your tenant API key used for all X-API-Key authenticated requests.

How It Works

  1. On login, the API issues a session API key automatically
  2. You can override it with a tenant API key from tenant creation or seed data
  3. The key is stored in browser localStorage and sent with every API request
# Verify your key works
curl http://localhost:8000/api/v1/status \
  -H "X-API-Key: <your-api-key>"

Keep your API key secret

API keys grant access to all tenant resources. Never commit keys to version control or share them in public channels.

Obtaining an API Key

Method Steps
Login (password) Session key issued automatically on POST /auth/login
Login (SSO) Session key issued after OIDC exchange — see SSO Configuration
Tenant creation api_key returned in POST /api/v1/tenants response
User API keys Create via POST /api/v1/api-keys (shown once)
Seed data Demo keys from scripts/seed_data.py

Theme

Toggle between light and dark mode using the theme switcher. The preference is persisted in localStorage and applied via CSS custom properties (themes.css).

Theme Description
Light Default Material-inspired light palette
Dark Slate background with indigo accents

Language

Switch between English and Russian using the language selector. The UI loads translations from frontend/src/i18n/translations.js. Language preference is stored locally.

Account Information

The Settings page displays your current user profile from GET /api/v1/auth/me:

Field Description
Email Login email address
Full Name Display name
Role RBAC role (admin, security_analyst, etc.)
Tenant Associated tenant name
Last Login Most recent login timestamp

Change Password

Update your password via the API:

curl -X POST http://localhost:8000/api/v1/users/me/change-password \
  -H "Authorization: Bearer <jwt>" \
  -H "Content-Type: application/json" \
  -d '{
    "current_password": "old-password",
    "new_password": "new-secure-password"
  }'

User API Keys

Manage personal API keys for programmatic access:

# Create
curl -X POST http://localhost:8000/api/v1/api-keys \
  -H "Authorization: Bearer <jwt>" \
  -H "Content-Type: application/json" \
  -d '{"name": "CI Pipeline Key"}'

# List
curl http://localhost:8000/api/v1/api-keys \
  -H "Authorization: Bearer <jwt>"

# Revoke
curl -X DELETE http://localhost:8000/api/v1/api-keys/<key_id> \
  -H "Authorization: Bearer <jwt>"

Key shown once

The raw API key is returned only at creation time. Store it securely immediately.

Update Profile

curl -X PUT http://localhost:8000/api/v1/users/me \
  -H "Authorization: Bearer <jwt>" \
  -H "Content-Type: application/json" \
  -d '{"full_name": "Jane Security Analyst"}'

Logout

Click Sign Out to clear the session. This calls POST /api/v1/auth/logout and removes stored credentials from the browser.