Settings¶
The Settings page manages your dashboard connection, appearance preferences, and personal account settings.
API Key Configuration¶
The API Key field stores your tenant API key used for all X-API-Key authenticated requests.
How It Works¶
- On login, the API issues a session API key automatically
- You can override it with a tenant API key from tenant creation or seed data
- The key is stored in browser
localStorageand sent with every API request
Keep your API key secret
API keys grant access to all tenant resources. Never commit keys to version control or share them in public channels.
Obtaining an API Key¶
| Method | Steps |
|---|---|
| Login (password) | Session key issued automatically on POST /auth/login |
| Login (SSO) | Session key issued after OIDC exchange — see SSO Configuration |
| Tenant creation | api_key returned in POST /api/v1/tenants response |
| User API keys | Create via POST /api/v1/api-keys (shown once) |
| Seed data | Demo keys from scripts/seed_data.py |
Theme¶
Toggle between light and dark mode using the theme switcher. The preference is persisted in localStorage and applied via CSS custom properties (themes.css).
| Theme | Description |
|---|---|
| Light | Default Material-inspired light palette |
| Dark | Slate background with indigo accents |
Language¶
Switch between English and Russian using the language selector. The UI loads translations from frontend/src/i18n/translations.js. Language preference is stored locally.
Account Information¶
The Settings page displays your current user profile from GET /api/v1/auth/me:
| Field | Description |
|---|---|
| Login email address | |
| Full Name | Display name |
| Role | RBAC role (admin, security_analyst, etc.) |
| Tenant | Associated tenant name |
| Last Login | Most recent login timestamp |
Change Password¶
Update your password via the API:
curl -X POST http://localhost:8000/api/v1/users/me/change-password \
-H "Authorization: Bearer <jwt>" \
-H "Content-Type: application/json" \
-d '{
"current_password": "old-password",
"new_password": "new-secure-password"
}'
User API Keys¶
Manage personal API keys for programmatic access:
# Create
curl -X POST http://localhost:8000/api/v1/api-keys \
-H "Authorization: Bearer <jwt>" \
-H "Content-Type: application/json" \
-d '{"name": "CI Pipeline Key"}'
# List
curl http://localhost:8000/api/v1/api-keys \
-H "Authorization: Bearer <jwt>"
# Revoke
curl -X DELETE http://localhost:8000/api/v1/api-keys/<key_id> \
-H "Authorization: Bearer <jwt>"
Key shown once
The raw API key is returned only at creation time. Store it securely immediately.
Update Profile¶
curl -X PUT http://localhost:8000/api/v1/users/me \
-H "Authorization: Bearer <jwt>" \
-H "Content-Type: application/json" \
-d '{"full_name": "Jane Security Analyst"}'
Logout¶
Click Sign Out to clear the session. This calls POST /api/v1/auth/logout and removes stored credentials from the browser.
Related Documentation¶
- Getting Started — initial API key setup
- Users — admin user management
- API Reference — auth and user endpoints