> ## Documentation Index
> Fetch the complete documentation index at: https://sentrydocs.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate your API requests with Sentry auth tokens

All requests to the Sentry REST API must include an auth token. Sentry uses bearer token authentication — pass your token in the `Authorization` header on every request.

## Base URLs

| Region | Base URL               |
| ------ | ---------------------- |
| US     | `https://sentry.io`    |
| EU     | `https://de.sentry.io` |

All endpoints are relative to these base URLs. For example, the full path for `/api/0/organizations/` on the US region is `https://sentry.io/api/0/organizations/`.

## Auth tokens

Pass your token as a bearer token in the `Authorization` header:

```bash theme={null}
curl https://sentry.io/api/0/organizations/my-org/issues/ \
  -H "Authorization: Bearer sntrys_TOKEN"
```

Sentry has two types of auth tokens:

### User auth tokens

User auth tokens are personal tokens tied to your Sentry account. You can create and manage them at **User Settings > API Tokens**.

These tokens carry the same permissions as your user account and act on your behalf. Use user auth tokens for personal scripts, local tooling, or any integration that should run as a specific user.

### Organization auth tokens

Organization auth tokens are scoped to a single organization and are not tied to any individual user account. Create them at **Settings > Auth Tokens** within your organization.

Use organization auth tokens for CI/CD pipelines, automated tooling, and integrations where you want access tied to the organization rather than a person.

Organization auth tokens have the prefix `sntrys_`.

## Token scopes

When you create a token, you select which scopes it has access to. The API returns a `403 Forbidden` if you try to call an endpoint your token is not scoped for.

| Scope           | Description                                |
| --------------- | ------------------------------------------ |
| `project:read`  | Read project data                          |
| `project:write` | Create and update projects                 |
| `project:admin` | Delete projects and manage settings        |
| `org:read`      | Read organization data and membership      |
| `org:write`     | Update organization settings               |
| `org:admin`     | Manage organization membership and billing |
| `team:read`     | Read team data                             |
| `team:write`    | Create and update teams                    |
| `team:admin`    | Delete teams and manage membership         |
| `event:read`    | Read issues and events                     |
| `event:write`   | Update issues (resolve, assign, ignore)    |
| `event:admin`   | Delete issues and events                   |
| `member:read`   | Read organization member data              |
| `member:write`  | Invite and remove members                  |

Grant only the scopes your integration actually needs.

## Error responses

| Status             | Meaning                                                                        |
| ------------------ | ------------------------------------------------------------------------------ |
| `401 Unauthorized` | No token was provided, or the token is invalid or expired.                     |
| `403 Forbidden`    | The token is valid, but it does not have the required scope for this endpoint. |

<Note>
  DSN (Data Source Name) authentication is used exclusively by Sentry SDKs to ingest events. DSNs do not work for the REST API.
</Note>
