
Dataset Authentication

Datasets use two credential types.

PATs

A PAT starts with pat_.

PATs are account-level credentials. They are not tied to one project. Use a PAT for Loguro API operations that manage or query a project:

| Operation | Endpoint | Token |
|---|---|---|
| List datasets | GET /api/datasets/:projectSlug | PAT |
| Create dataset metadata | POST /api/datasets/:projectSlug | PAT |
| Edit dataset metadata | PATCH /api/datasets/:projectSlug/:datasetId | PAT |
| Delete dataset metadata | DELETE /api/datasets/:projectSlug/:datasetId | PAT |
| Register dataset schema | POST /api/datasets/:projectSlug/:datasetId/schema | PAT |
| Read dataset schema | GET /api/datasets/:projectSlug/:datasetId/schema | PAT |
| Query dataset | POST /api/datasets/:projectSlug/:datasetId/query | PAT |

The project slug in the URL selects the project. Loguro then checks that the PAT owner has access to that project.

curl https://logu.ro/api/datasets/local/13/schema \
  -H "Authorization: Bearer pat_xxx"

PATs are also used by the CLI and MCP integrations. See CLI authentication.

The TypeScript SDK uses this token in DatasetQueryClient. See Datasets — TypeScript SDK.

Project API keys

Project API keys are data-plane credentials. They are used to send data into ingest.

Use a project API key for:

| Operation | Endpoint | Token |
|---|---|---|
| Ingest one dataset record | POST /datasets/:datasetId | project API key |
| Ingest many dataset records | POST /datasets/:datasetId/batch | project API key |

The ingest token identifies the project. Dataset ingest does not put the project slug in the URL; it puts the dataset id in the URL.

curl -X POST https://ingest.logu.ro/datasets/13 \
  -H "Authorization: Bearer YOUR_PROJECT_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{"timestamp":"2026-06-10T10:00:00Z","context":{},"country":"RO"}'

Legacy ingest without a dataset id can still target the project’s default dataset, when one exists.

Why they are separate

Creating datasets, registering schemas, and querying data are control-plane actions. They need account-level authorization and explicit project checks.

Ingest is a high-volume data-plane action. The ingest key already identifies the project and should not be able to create schemas or query data.

Common mistakes

| Mistake | Result |
|---|---|
| Using a project API key on /api/datasets/:projectSlug/:datasetId/schema | 401 Unauthorized |
| Using a PAT on https://ingest.logu.ro/datasets/:datasetId | 401 Unauthorized |
| Sending dataset ingest to /api/datasets/:projectSlug/... | Wrong API surface |
| Sending schema/query to https://ingest.logu.ro | Wrong API surface |
| Omitting datasetId for a non-default dataset | Data goes to the default/legacy dataset or fails if no schema exists |
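
The token-to-endpoint pairing above can be checked on the client before a request is sent, so a credential never reaches the wrong surface. This is an added example, not Loguro or SDK code: preflight and credentialKind are hypothetical helpers, the route table is transcribed from this page, and it assumes that any token without the pat_ prefix is a project API key and that plain-HTTP URLs should be refused.

```javascript
// Route table transcribed from the endpoint tables on this page.
const SEG = "[^/]+";
const API = `/api/datasets/${SEG}`;
const ROUTES = [
  // [host, method, path pattern, required credential]
  ["logu.ro", "GET", API, "pat"],
  ["logu.ro", "POST", API, "pat"],
  ["logu.ro", "PATCH", `${API}/${SEG}`, "pat"],
  ["logu.ro", "DELETE", `${API}/${SEG}`, "pat"],
  ["logu.ro", "POST", `${API}/${SEG}/schema`, "pat"],
  ["logu.ro", "GET", `${API}/${SEG}/schema`, "pat"],
  ["logu.ro", "POST", `${API}/${SEG}/query`, "pat"],
  ["ingest.logu.ro", "POST", `/datasets/${SEG}`, "project-key"],
  ["ingest.logu.ro", "POST", `/datasets/${SEG}/batch`, "project-key"],
];

// The page states only that a PAT starts with "pat_". Treating every other
// non-empty token as a project API key is an assumption of this example.
function credentialKind(token) {
  if (!token) return "missing";
  return token.startsWith("pat_") ? "pat" : "project-key";
}

// Hypothetical helper: classifies a request without sending anything.
function preflight(method, url, token) {
  const u = new URL(url);
  // Assumption of this example: never send a bearer token over plain HTTP.
  if (u.protocol !== "https:") return { ok: false, code: "insecure-scheme" };
  const path = u.pathname.replace(/\/+$/, "");
  // Exact hostname match, so a lookalike host never receives the token.
  const route = ROUTES.find(([host, verb, pattern]) =>
    host === u.hostname &&
    verb === method.toUpperCase() &&
    new RegExp(`^${pattern}$`).test(path));
  if (!route) return { ok: false, code: "no-such-route" };
  const kind = credentialKind(token);
  if (kind !== route[3]) {
    return { ok: false, code: "wrong-credential", needs: route[3], got: kind };
  }
  return { ok: true, code: "ok", needs: route[3] };
}

// Constructed sample calls (tokens are placeholders, not real credentials).
console.log(preflight("GET", "https://logu.ro/api/datasets/local/13/schema", "pat_xxx"));
console.log(preflight("POST", "https://ingest.logu.ro/datasets/13", "pat_xxx"));
```

A wrong-credential result corresponds to the 401 Unauthorized rows in the table, and no-such-route covers the "Wrong API surface" rows as well as any method or path the page does not list.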

Security recommendations

  • Use project API keys only in trusted servers or controlled environments.
  • Do not put server ingest keys in browser code.
  • Use PATs for CI, internal tools, and backend admin jobs.
  • Rotate tokens when a deployment secret leaks.
  • Give each environment its own project key when possible.