Authentication

Hosted API calls use an API key or trial session. Console access uses Google OAuth — separate from programmatic keys.

API key

Pro and Team plans receive a key at /activate after checkout. Pass it on every hosted request:

Authorization: Bearer dg_live_…

Or use the header alias accepted by some endpoints:

X-API-Key: dg_live_…

Trial session

Free trial endpoints accept a trial session token from /start:

X-DriftGuard-Trial: <trial-session-id>

Trial is limited to one watched endpoint with full Pro console features.

Console sign-in

The dashboard uses Google OAuth for humans. API keys are not used in the browser — they are for CI, MCP, and automation only.

Offline tools

OSS MCP tools compare_json, parse_mcp_config, and hosted_info work without a key. Monitoring tools require DRIFTGUARD_API_KEY in the MCP server environment.